CVE-2009-2496

Name of the Vulnerable Software and Affected Versions Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office XP Web Components SP3 Microsoft Office 2003 Web Components SP3 Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System Internet Security and Acceleration (ISA) Server 2004 SP3 Internet Security and Acceleration (ISA) Server 2006 SP1 Microsoft Office Small Business Accounting 2006

Description A heap-based buffer overflow issue exists in the Office Web Components ActiveX Control, allowing remote attackers to execute arbitrary code via unspecified parameters to unknown methods.

Recommendations For Microsoft Office XP SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office XP Web Components SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 Web Components SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System, update to a newer version to mitigate the risk. For Internet Security and Acceleration (ISA) Server 2004 SP3, update to a newer version to mitigate the risk. For Internet Security and Acceleration (ISA) Server 2006 SP1, update to a newer version to mitigate the risk. For Microsoft Office Small Business Accounting 2006, update to a newer version to mitigate the risk.