CVE-2009-1534

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
75.4%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: August 12, 2009 (6119 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

CWE

CWE-119

Affected Products

microsoft isa servermicrosoft officemicrosoft office web components

References

🔗 osvdb.org 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov 🔗 docs.microsoft.com