Intrusion Prevention

MS.Office.Web.Components.ActiveX.Code.Execution

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in Microsoft Office Web Components.
The vulnerability is a stack based buffer overflow in the Microsoft Office "Spreadsheet" class, which is hosted by MSOWC.DLL. It results from the application's failure to perform boundary checks on user supplied input. By exploiting this a remote attacker may be able to execute arbitrary code and gain control of vulnerable systems.

Affected Products

Microsoft Office Web Components 2000
Microsoft Back Office Server 2000
Microsoft BizTalk Server 2000 Developer Edition SP2
Microsoft BizTalk Server 2000 Developer Edition SP1a
Microsoft BizTalk Server 2000 Developer Edition
Microsoft BizTalk Server 2000 Enterprise Edition SP2
Microsoft BizTalk Server 2000 Enterprise Edition SP1a
Microsoft BizTalk Server 2000 Enterprise Edition
Microsoft BizTalk Server 2000 Standard Edition SP2
Microsoft BizTalk Server 2000 Standard Edition SP1a
Microsoft BizTalk Server 2000 Standard Edition
Microsoft BizTalk Server 2002 Enterprise Edition
Microsoft Commerce Server 2000 SP2
Microsoft Commerce Server 2000 SP1
Microsoft Commerce Server 2000
Microsoft Commerce Server 2002
Microsoft Internet Explorer for Unix SP2
Microsoft ISA Server 2000 SP2
Microsoft ISA Server 2000 SP1
Microsoft ISA Server 2000 FP1
Microsoft ISA Server 2000
Microsoft ISA Server 2000 Enterprise Edition SP2
Microsoft ISA Server 2000 Enterprise Edition SP1
Microsoft ISA Server 2000 Enterprise Edition
Microsoft Office 2000 SP2
Microsoft Office 2000 SP1
Microsoft Office 2000
Microsoft Office XP SP3
Microsoft Office XP SP2
Microsoft Office XP SP1
Microsoft Office XP
Microsoft Small Business Server 2000
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003 Enterprise Architect
Microsoft Visual Studio .NET Enterprise Architect Edition
Microsoft Visual Studio .NET Enterprise Developer Edition

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workaround.
http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx

CVE References

CVE-2006-4695