CVE-2009-0562

Name of the Vulnerable Software and Affected Versions Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office XP Web Components SP3 Microsoft Office 2003 Web Components SP3 Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System Internet Security and Acceleration (ISA) Server 2004 SP3 Internet Security and Acceleration (ISA) Server 2006 SP1 Microsoft Office Small Business Accounting 2006

Description The issue is related to improper memory allocation by the Office Web Components ActiveX Control, allowing remote attackers to execute arbitrary code. This is achieved through unspecified vectors that trigger system state corruption.

Recommendations For Microsoft Office XP SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office 2003 SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office XP Web Components SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office 2003 Web Components SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System, update to a version that properly allocates memory to prevent arbitrary code execution. For Internet Security and Acceleration (ISA) Server 2004 SP3, update to a version that properly allocates memory to prevent arbitrary code execution. For Internet Security and Acceleration (ISA) Server 2006 SP1, update to a version that properly allocates memory to prevent arbitrary code execution. For Microsoft Office Small Business Accounting 2006, update to a version that properly allocates memory to prevent arbitrary code execution.