CVSS: 9.3EPSS: 86%CPEs: 11EXPL: 4CVE-2009-1136 – Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1136
15 Jul 2009 — The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourc... • https://www.exploit-db.com/exploits/9163 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 73%CPEs: 5EXPL: 0CVE-2009-1533
https://notcve.org/view.php?id=CVE-2009-1533
10 Jun 2009 — Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability." Desbordamiento de búfer en los conversores de documentos Works para Windows en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, y Works v8.5 y v9 permite a atac... • http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •