Microsoft Office Web Components (OWC) are a collection of ActiveX objects that provide limited Office functionality to web pages. OWC is installed by default with both Office 2000 and Office XP. A vulnerability has been reported in some versions of the OWC Spreadsheet component. A web page using this component can verify the existence of any specified local file. This may be accomplished by passing the XMLURL property of the OWC object a URL which then redirects to a local file. Additionally, the file contents can be viewed if the file is a valid WorkSheet XML document. The attacker may also be able to use this information to perform further, more informed attacks against the vulnerable system.
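A proxy-side or IDS-side check for the redirect pattern described above, as an added example that is not part of the original advisory: it flags HTTP redirects whose `Location` names a `file:` URL or a drive path. The sample responses, host names and paths are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
DRIVE_PATH = re.compile(r"^[A-Za-z]:[\\/]")  # e.g. C:\dir\file.xml

def is_local_target(location):
    """True if a Location value names a file-system path, not a web resource."""
    loc = location.strip()
    if DRIVE_PATH.match(loc):
        return True
    try:
        return urlsplit(loc).scheme.lower() == "file"
    except ValueError:  # malformed URL: not a file: target
        return False

def parse_response(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def flag_local_redirects(responses):
    """List (request_url, status, location) for redirects to local files."""
    findings = []
    for request_url, raw in responses:
        status, headers = parse_response(raw)
        location = headers.get("location", "")
        if status in REDIRECT_CODES and is_local_target(location):
            findings.append((request_url, status, location))
    return findings

# Constructed sample traffic (hosts and paths are placeholders).
SAMPLE = [
    ("http://example.test/sheet.xml",
     "HTTP/1.1 302 Found\r\nLocation: file:///C:/placeholder.xml\r\n\r\n"),
    ("http://example.test/moved",
     "HTTP/1.1 302 Found\r\nLocation: http://example.test/new\r\n\r\n"),
    ("http://example.test/data",
     "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n<x/>"),
    ("http://example.test/drive",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: C:\\placeholder.xml\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in flag_local_redirects(SAMPLE):
        print(hit)
```

A legitimate web server has no reason to redirect a client to the client's own file system, so any hit is worth reviewing alongside the page that triggered the request.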