Monday, July 13, 2009

something more about "Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execuion"

A good keyord for search info about new "big vendors" vulnerabilities is "roadmap" :). Sometimes is very usefull, I think. Opss! another "good bug hunter trick it's just been fulldisclosed".

http://blogs.msdn.com/excel/archive/2006/07/17/668544.aspx

Anyway... The CLSID for this threat are:

{0002E541-0000-0000-C000-000000000046}
{0002E559-0000-0000-C000-000000000046}

Check the following Registry entry:



and




Advisory: http://www.microsoft.com/technet/security/advisory/973472.mspx

KB article: http://support.microsoft.com/kb/973472

CVE: CVE-2009-1136

method affected: msDataSourceObject

PoC: http://en.securitylab.ru/poc/extra/382458.php

No comments:

Post a Comment