1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Office Web Component DoS

HTTP MS Office Web Component DoS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to trigger denial of service vulnerability by passing specially crafted arguments into a method of Microsoft Office Web Component ActiveX Control.

Additional Information

Microsoft Office Component is a collection of Component Object Model (COM) controls for publishing and viewing spreadsheets, charts, and databases on websites.

The software is prone to a denial-of-service vulnerability because of a memory access violation.

This issue occurs when a new ActiveXObject 'OWC.11.DataSourceControl' object is instantiated in a webpage. Arbitrary data can be written to the object via the 'XMLDataTarget' attribute.

Attackers can exploit this issue to crash Internet Explorer and deny service to legitimate users.

Affected

  • This issue affects OWC11 for Microsoft Office 2003.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube