|
|
| |
Credit:
The information has been provided by Peter Vreugdenhil .
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-09-055
|
| |
Vulnerable Systems:
* Microsoft Office Word
* Microsoft Office Excel
The specific flaw exists when loading and unloading the vulnerable control (0002E543-0000-0000-C000-000000000046) and results in transfer of control to unallocated memory. This issue can be exploited to execute arbitrary code under the context of the currently logged in user user.
Patch Availability:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS09-043.mspx
CVE Information:
CVE-2009-0562
Disclosure Timeline:
2007-03-29 - Vulnerability reported to vendor
2009-08-11 - Coordinated public release of advisory
-------------------------------------------------------------------------------------------------------------------------------
Find out more about website security scanning.
|
|
|
