Home / bulletins MS09-043 - Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) - Version:1.1
Posted on 12 August 2009
CriticalSeverity Rating: Critical - Revision Note: V1.1 (August 12, 2009): Corrected the restart requirement for Visual Studio .NET 2003; updated the tables in the Detection and Deployment Tools and Guidance section; updated the impact description of the workaround, "Prevent Office Web Components Library from running in Internet Explorer;" corrected the update installation switches for Internet Security and Acceleration Server 2004 and Internet Security and Acceleration Server 2006; and performed miscellaneous edits.Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other versions
- MS09-043 - Version: 2.0
- MS09-043 - Version: 1.0
- MS09-043 - Version: 1.1
