Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0100

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0100
Last Modified 21 Aug 2010 01:29:44
Published 15 Apr 2009 04:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0100

Summary

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office 2004

  • Microsoft Office 2008

  • Microsoft Office Compatibility Pack For Word Excel Ppt 2007

  • Microsoft Office Excel 2000

  • Microsoft Office Excel 2002

  • Microsoft Office Excel 2003

  • Microsoft Office Excel 2007

  • Microsoft Office Excel Viewer

  • Microsoft Office Excel Viewer 2003


References

CERT - TA09-104A

MS - MS09-009

VUPEN - ADV-2009-1023

SECTRACK - 1022039

BUGTRAQ - 20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability

MISC - http://www.fortiguardcenter.com/advisory/FGA-2009-16.html

OSVDB - 53665

Related Patches

MS09-009 968557 960000 Security Update for Excel Viewer 2007 (All Languages)

MS09-009 968557 959993 (English/MUI) Security Update for Microsoft Office Excel Viewer 2003

MS09-009 968557 968695 Microsoft Office 2004 for Mac Update 11.5.4

MS09-009 968557 968694 Microsoft Office 2008 for Mac Update 12.1.7


Last Updated: 27 May 2016 10:50:06