MS.Office.Web.Components.ActiveX.Remote.Code.Execution

Description

This indicates a possible attempt to exploit a remote code execution vulnerability in Microsoft Office Web Components.
The "DataSourceControl" object in the Office Web Components Library 9 (MSOWC.DLL), shipped with Office 2000 and Office XP, contains a vulnerability which allows remote attackers to control the path of file creation on the local computer. A user's computer can be compromised when browsing a malicious site that invokes the OWC functionality.

Affected Products

Microsoft Office Web Components 2000
+ Microsoft Back Office Server 2000
+ Microsoft BizTalk Server 2000 Developer Edition SP2
+ Microsoft BizTalk Server 2000 Developer Edition SP1a
+ Microsoft BizTalk Server 2000 Developer Edition
+ Microsoft BizTalk Server 2000 Enterprise Edition SP2
+ Microsoft BizTalk Server 2000 Enterprise Edition SP1a
+ Microsoft BizTalk Server 2000 Enterprise Edition
+ Microsoft BizTalk Server 2000 Standard Edition SP2
+ Microsoft BizTalk Server 2000 Standard Edition SP1a
+ Microsoft BizTalk Server 2000 Standard Edition
+ Microsoft BizTalk Server 2002 Developer Edition
+ Microsoft BizTalk Server 2002 Enterprise Edition
+ Microsoft Commerce Server 2000 SP2
+ Microsoft Commerce Server 2000 SP1
+ Microsoft Commerce Server 2000
+ Microsoft Commerce Server 2002
+ Microsoft Internet Explorer for Unix SP2
+ Microsoft ISA Server 2000 SP2
+ Microsoft ISA Server 2000 SP1
+ Microsoft ISA Server 2000 FP1
+ Microsoft ISA Server 2000
+ Microsoft ISA Server 2000 Enterprise Edition SP2
+ Microsoft ISA Server 2000 Enterprise Edition SP1
+ Microsoft ISA Server 2000 Enterprise Edition
+ Microsoft Office 2000 SP2
+ Microsoft Office 2000 SP1
+ Microsoft Office 2000
+ Microsoft Office XP SP3
+ Microsoft Office XP SP2
+ Microsoft Office XP SP1
+ Microsoft Office XP
+ Microsoft Small Business Server 2000
+ Microsoft Visual Studio .NET 2002
+ Microsoft Visual Studio .NET 2003 Enterprise Architect
+ Microsoft Visual Studio .NET Enterprise Architect Edition
+ Microsoft Visual Studio .NET Enterprise Developer Edition

Impact

System Compromise: remote code execution.

Recommended Actions

Microsoft has released an advisory and fixes to address this issue. Please see the references for more information.
Microsoft Security Update for Commerce Server 2000 (KB941305)
http://www.microsoft.com/downloads/details.aspx?FamilyId=71DE76BA-B62C-4A7A-A78A-9317F5255B13
Microsoft Security Update For Microsoft BizTalk Server 2000 (KB939714)
http://www.microsoft.com/downloads/details.aspx?FamilyId=E0993E49C0A811D2973D00C04F79E4B3
Microsoft Security Update For Microsoft BizTalk Server 2002 (KB939714)
http://www.microsoft.com/downloads/details.aspx?FamilyId=12B7D09A92AB4596996670799837D961
Microsoft Security Update For Microsoft Office 2000 Service Pack 3 (KB931660)
http://www.microsoft.com/downloads/details.aspx?FamilyId=806c654a-35e3-4385-855a-4b803249bfcf
Microsoft Security Update for Microsoft Office Web Components 2000 used in ISA Server 2000 Reporting
http://www.microsoft.com/downloads/details.aspx?FamilyId=526D87BD-C3DA-412E-8765-C15987AE9B01
Microsoft Security Update For Microsoft Office XP Service Pack 3 (KB931660)
http://www.microsoft.com/downloads/details.aspx?FamilyId=806c654a-35e3-4385-855a-4b803249bfcf
Microsoft Visual Studio .NET 2002 Service Pack 1 MSOWC.DLL Security Update
http://www.microsoft.com/downloads/details.aspx?FamilyId=D71B23FA-A873-406D-BAD7-E38E565DEE39&displaylang=en
Microsoft Visual Studio .NET 2003 Service Pack 1 MSOWC.DLL Security Update
http://www.microsoft.com/downloads/details.aspx?FamilyId=2FE10CCD-40CB-4090-B83D-EAE3D4ECA174&displaylang=en

Coverage

IPS (Regular DB)
IPS (Extended DB)