The Office Web Components (OWC) contain several ActiveX controls that give users limited functionality of Microsoft Office in a web browser without requiring that the user install the full Microsoft Office application. This allows users to utilise Microsoft Office applications in situations where installation of the full application is infeasible or undesirable.
A flaw exists which could allow an attacker to run commands on the user's system. Affected systems include: Office Web Components, Office, BackOffice Server, BizTalk Server, Commerce Server, ISA Server, Money, Microsoft Project, Microsoft Project Server, Small Business Server.
For more, click here