{"api_version":"1","generated_at":"2026-04-23T17:14:56+00:00","cve":"CVE-2009-1534","urls":{"html":"https://cve.report/CVE-2009-1534","api":"https://cve.report/api/cve/CVE-2009-1534.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-1534","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-1534"},"summary":{"title":"CVE-2009-1534","description":"Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka \"Office Web Components Buffer Overflow Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2009-08-12 17:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securitytracker.com/id?1022708","name":"http://www.securitytracker.com/id?1022708","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Microsoft Office Web Components Buffer Overflows in ActiveX Control Let Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS09-043 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/56916","name":"http://osvdb.org/56916","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-223A.html","name":"http://www.us-cert.gov/cas/techalerts/TA09-223A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA09-223A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/35992","name":"http://www.securityfocus.com/bid/35992","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Microsoft Office Web Components ActiveX Control Stack Buffer Overflow Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-1534","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-1534","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"1534","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"biztalk_server","cpe6":"2002","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"isa_server","cpe6":"2004","cpe7":"sp3","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"isa_server","cpe6":"2004","cpe7":"sp3","cpe8":"standard","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"isa_server","cpe6":"2006","cpe7":"sp1","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"isa_server","cpe6":"2006","cpe7":"sp1","cpe8":"standard","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"-","cpe7":"*","cpe8":"small_business_accounting_2006","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"xp","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_web_components","cpe6":"2000","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_web_components","cpe6":"2003","cpe7":"sp1","cpe8":"2007_microsoft_office","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_web_components","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_web_components","cpe6":"xp","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1534","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2003","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T05:13:25.643Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"56916","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/56916"},{"name":"TA09-223A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-223A.html"},{"name":"oval:org.mitre.oval:def:6326","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326"},{"name":"35992","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/35992"},{"name":"1022708","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022708"},{"name":"MS09-043","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-08-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka \"Office Web Components Buffer Overflow Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"56916","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/56916"},{"name":"TA09-223A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-223A.html"},{"name":"oval:org.mitre.oval:def:6326","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326"},{"name":"35992","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/35992"},{"name":"1022708","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022708"},{"name":"MS09-043","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2009-1534","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka \"Office Web Components Buffer Overflow Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"56916","refsource":"OSVDB","url":"http://osvdb.org/56916"},{"name":"TA09-223A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA09-223A.html"},{"name":"oval:org.mitre.oval:def:6326","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326"},{"name":"35992","refsource":"BID","url":"http://www.securityfocus.com/bid/35992"},{"name":"1022708","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022708"},{"name":"MS09-043","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2009-1534","datePublished":"2009-08-12T17:00:00.000Z","dateReserved":"2009-05-05T00:00:00.000Z","dateUpdated":"2024-08-07T05:13:25.643Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-08-12 17:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:biztalk_server:2002:*:*:*:*:*:*:*","matchCriteriaId":"44BFE3B9-3C8C-4747-AAC0-A10EED857C4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:isa_server:2004:sp3:enterprise:*:*:*:*:*","matchCriteriaId":"12FAB1BC-F8FB-4A14-8E38-703CF8E67B7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:isa_server:2004:sp3:standard:*:*:*:*:*","matchCriteriaId":"BB4F1038-F652-4A76-874F-3FFAAF30AB93"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:isa_server:2006:sp1:enterprise:*:*:*:*:*","matchCriteriaId":"64E8FCC6-B44E-4FA3-AE9E-9FB196D7CD7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:isa_server:2006:sp1:standard:*:*:*:*:*","matchCriteriaId":"91E957DC-91B8-470A-808C-9B2EA687B2A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:-:*:small_business_accounting_2006:*:*:*:*:*","matchCriteriaId":"F27860CB-929A-47F3-801E-3E69C53FA353"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*","matchCriteriaId":"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_components:2000:sp3:*:*:*:*:*:*","matchCriteriaId":"D86088BB-C81D-4CCE-B7D1-1280818D99A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_components:2003:sp1:2007_microsoft_office:*:*:*:*:*","matchCriteriaId":"7B654504-9098-4F7F-8CE7-696CF15BCA38"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_components:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"0A9C5BA7-0ECB-4101-9DAD-ECAA42C9E0A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_components:xp:sp3:*:*:*:*:*:*","matchCriteriaId":"B07BEA1E-F032-4E63-8548-C98DD6E05AAA"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*","matchCriteriaId":"85959AEB-2FE5-4A25-B298-F8223CE260D6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"1534","Ordinal":"1","Title":"CVE-2009-1534","CVE":"CVE-2009-1534","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"1534","Ordinal":"1","NoteData":"Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka \"Office Web Components Buffer Overflow Vulnerability.\"","Type":"Description","Title":"CVE-2009-1534"},{"CveYear":"2009","CveId":"1534","Ordinal":"2","NoteData":"2009-08-12","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"1534","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}