The security update addresses the vulnerabilities by correctly handling memory allocation when the ActiveX control is used in Internet Explorer, correcting validation logic for Office Web Components ActiveX control methods, and performing additional parameter validation. For more information, see the subsection, Affected and Non-Affected Software, in this section. NET 2003, and Microsoft Office Small Business Accounting 2006. This security update is rated Critical for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2000 Web Components, Microsoft Office XP Web Components, Microsoft Office 2003 Web Components, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system, Microsoft Internet Security and Acceleration Server 2004 Standard Edition, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition, Microsoft Internet Security and Acceleration Server 2006, Microsoft BizTalk Server 2002, Microsoft Visual Studio. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. Version: 2.0 General Information Executive Summary Security Bulletin Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing spreadsheets, charts, and databases to the Web.-> However, they were available for download from Microsoft's website. Hi, According to my research, the Office Web Components were discontinued in Office 2007 except as a part of Office Project Server 2007. Download Microsoft Office Web Component.