The Office Web Components (OWC) contain several ActiveX controls that give users limited functionality of Microsoft Office in a Web browser without requiring that the user install the full Microsoft Office application. This allows users to utilize Microsoft Office applications in situations where installation of the full application is infeasible or undesirable. The control contains three security vulnerabilities, each of which could be exploited either via a Web site or an HTML mail. They could allow an attacker to read any text that the user had copied or cut from within other applications, and provide an attacker with a way to read any desired file on the user's system; and the most serious of vulnerabilities could allow an attacker to run commands on the user's system.
||Windows 98/Me/NT/2000/XP, Microsoft Office 2000