What is the severity of CVE-2009-1136?

CVE-2009-1136 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2009-1136?

Yes, there are known exploits available for CVE-2009-1136. Immediate patching is recommended.

Is there a patch available for CVE-2009-1136?

Yes, patches are available for CVE-2009-1136. Check the vendor advisories for update instructions.

CVE-2009-1136 - CVE Details, Severity, and Analysis

CVE-2009-1136 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v30.0

CVSS v29.3

Priority Score0.0

EPSS Score86.0

None

Exploitation LikelihoodCritical

86.00%EPSS

Very high probability of exploitation in the next 30 days

Immediate patching required

86.00%

EPSS

0.0

CVSS

Yes

Exploit

Yes

Patch

High Priority

high EPSS • exploit exists

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Exploit References

Trac.metasploit.com [email protected]

Patch References

[email protected]Zeroday CZ

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Microsoft	Isa Server
Microsoft