Exploit:JS/CVE-2009-1136

Exploit:JS/CVE-2009-1136 is detection for malicious JavaScript that exploits a vulnerability in Microsoft Office Web Components that could execute arbitrary code. Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web. This exploit is also referred to as CVE-2009-1136.

This exploit may be present in attacker-modified Web pages. The vulnerability exists specifically in the Spreadsheet ActiveX Control and could allow an attacker who successfully exploited this vulnerability the same user rights as the local user. We are aware of limited, active, and Web-based attacks that exploit this vulnerability.

If a user browses a Web page containing the code and the malicious ActiveX successfully executes the exploit on a vulnerable computer, remote code execution is possible and may not require any user intervention.

Microsoft recommends that customers implement the workarounds outlined in Microsoft Security Advisory (973472) to help prevent the ActiveX control from loading in Internet Explorer pending a security update.

 

Microsoft has provided Microsoft Knowledge Base Article 973472 to assist in reducing the risk of this exploit.