This Metasploit module exploits a buffer overflow in Microsoft's Office Web Components. When passing an overly long string as the "HTMLURL" parameter an attacker can execute arbitrary code.
62af271be942f6f55dcf24ea35dcb2372b11bd7391f408ea6ae7a854ad04f5f7
iDefense Security Advisory 08.11.09 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp.'s Office Web Components 2000 could allow an attacker to execute arbitrary code with the privileges of the logged on user. When instantiating a Spreadsheet object, it is possible to pass the object a parameter that refers to an Excel file that will be retrieved and then loaded. By using a long string for the parameter, it is possible to case a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Office XP Service Pack 3.
7e86dfe50c26093d7d93ca00213f5b882ccab246101ee1b9ba9aba393a3b05fa