All the vulnerabilites related to microsoft - office_excel
Vulnerability from fkie_nvd
Published
2008-12-10 14:00
Modified
2024-11-21 00:51
Severity ?
Summary
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2002 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | 20007_office_system | * | |
| microsoft | 20007_office_system | sp1 | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | xp | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCABD31-F406-4184-97AF-21AD95353D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:20007_office_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B507F860-5D28-4E86-8F61-FC71F4C030C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:20007_office_system:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A0B1B7-21A7-4038-8738-02AFADAAB06D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB3D66F-9028-4703-9D6A-629331EEB492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2000 SP3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una hoja de c\u00e1lculo manipulada que contiene un objeto malformado, lo que dispara una corrupci\u00f3n de memoria durante la carga de registros desde esta hoja de c\u00e1lculo, alias \"Vulnerabilidad de An\u00e1lisis de Formato de Fichero\"."
}
],
"evaluatorComment": "http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx\r\n\r\n\t\r\nFile Format Parsing Vulnerability - CVE-2008-4265\r\n\r\nA remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.",
"id": "CVE-2008-4265",
"lastModified": "2024-11-21T00:51:17.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-10T14:00:01.097",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1021368"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:30
Modified
2024-11-21 01:00
Severity ?
Summary
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Excel en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, y Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; y Microsoft Office Excel Viewer 2003 SP3 permite a atacantes remotos ejecutar codigo de forma arbitraria a trav\u00e9s de un fichero Excel con un objeto \"record\" deformado, tambi\u00e9n conocido como \"Vulnerabilidad de Corrupci\u00f3n de Puntero \"Record\"."
}
],
"id": "CVE-2009-0549",
"lastModified": "2024-11-21T01:00:17.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:30:00.187",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/54952"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35215"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:30
Modified
2024-11-21 01:00
Severity ?
Summary
Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"String Copy Stack-Based Overrun Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Excel en Microsoft Office 2000 SP3 y Office XP SP3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Excel con un objeto de registro mal formado, tambi\u00e9n conocido como \"Vulnerabilidad String Copy Stack-Based Overrun\"."
}
],
"id": "CVE-2009-0559",
"lastModified": "2024-11-21T01:00:19.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:30:00.250",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35243"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:30
Modified
2024-11-21 01:00
Severity ?
Summary
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka \"Record Integer Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Un desbordamiento enteros en Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP3 y Office 2004 y 2008 para Mac de Microsoft; Excel en 2007 Office System SP1 y SP2 de Microsoft; Open XML File Format Converter para Mac; Office Excel Viewer 2003 SP3 de Microsoft; Office Excel Viewer de Microsoft; Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft; y Office SharePoint Server 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel con un registro de tabla de cadenas compartidas (SST) con un campo num\u00e9rico que especifica un n\u00famero no v\u00e1lido de cadenas \u00fanicas, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, tambi\u00e9n se conoce como \"Record Integer Overflow Vulnerability\"."
}
],
"id": "CVE-2009-0561",
"lastModified": "2024-11-21T01:00:19.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:30:00.280",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805"
},
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/54957"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-12/"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35245"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-10 14:00
Modified
2024-11-21 00:51
Severity ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2002 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | 20007_office_system | * | |
| microsoft | 20007_office_system | sp1 | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | xp | |
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCABD31-F406-4184-97AF-21AD95353D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:20007_office_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B507F860-5D28-4E86-8F61-FC71F4C030C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:20007_office_system:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A0B1B7-21A7-4038-8738-02AFADAAB06D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB3D66F-9028-4703-9D6A-629331EEB492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers \"pointer corruption\" during the loading of formulas from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Excel Viewer 2003 Gold y SP3; Excel Viewer; Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1; Office 2004 y 2008 para Mac; y Open XML File Format Converter para Mac que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de hojas de Excel manipulada que pueden contener f\u00f3rmular malformadas, las cuales lanzan una \"corrupci\u00f3n de puntero\" durante la carga de f\u00f3rmulas desde esta hoja, alias \"Vulnerabilidad de analizador de formato de archivo\""
}
],
"evaluatorComment": "http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx\r\n\r\n\t\r\nFile Format Parsing Vulnerability - CVE-2008-4264\r\n\r\nA remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed formula. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.",
"id": "CVE-2008-4264",
"lastModified": "2024-11-21T00:51:17.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-10T14:00:01.080",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/32621"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1021368"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-15 08:00
Modified
2024-11-21 00:59
Severity ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2002 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1; Excel en Microsoft Office 2004 y 2008 para Mac; Microsoft Office Excel Viewer y Excel Viewer 2003 SP3; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 no parsea adecuadamente el fichero con formato de hoja de c\u00e1lculo Excel, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo manipulada que contiene un objeto mal formado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria\"."
}
],
"id": "CVE-2009-0100",
"lastModified": "2024-11-21T00:59:03.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-15T08:00:00.530",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/53665"
},
{
"source": "secure@microsoft.com",
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022039"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:30
Modified
2024-11-21 01:01
Severity ?
Summary
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Excel en 2007 Office System SP1 y SP2 de Microsoft; Office Excel Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo BIFF con un objeto de registro Qsir (0x806) malformado, tambi\u00e9n se conoce como \"Record Pointer Corruption Vulnerability\"."
}
],
"id": "CVE-2009-1134",
"lastModified": "2024-11-21T01:01:44.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:30:00.407",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/54958"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35246"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "secure@microsoft.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:30
Modified
2024-11-21 01:00
Severity ?
Summary
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Field Sanitization Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Excel en Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, y Office 2004 y 2008 para Mac; Excel en 2007 Microsoft Office System SP1 y SP2; Open XML File Format Converter para Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Excel manipulado con un objeto record mal formado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria en la limpieza de campos\"."
}
],
"id": "CVE-2009-0560",
"lastModified": "2024-11-21T01:00:19.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:30:00.267",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/54956"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35244"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:30
Modified
2024-11-21 01:00
Severity ?
Summary
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2004 | |
| microsoft | office | 2008 | |
| microsoft | office | xp | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | open_xml_file_format_converter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*",
"matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
"matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Error de \u00edndice de matriz en Excel en Office 2000 SP3 y Office 2004 y 2008 para Mac, y Open XML File Format Converter para Mac, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel dise\u00f1ado con un objeto de registro malformado, tambi\u00e9n se conoce como \"Array Indexing Memory Corruption Vulnerability\u201d."
}
],
"id": "CVE-2009-0558",
"lastModified": "2024-11-21T01:00:19.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:30:00.217",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/54954"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-1/"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35242"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-25 16:30
Modified
2024-11-21 00:59
Severity ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2004 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2008 | |
| microsoft | office_compatibility_pack | 2007 | |
| microsoft | office_excel | 2000 | |
| microsoft | office_excel | 2002 | |
| microsoft | office_excel | 2003 | |
| microsoft | office_excel | 2007 | |
| microsoft | office_excel_viewer | * | |
| microsoft | office_excel_viewer | 2003 | |
| microsoft | office_excel_viewer | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
"matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
"matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
"matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:gold:*:*:*:*:*:*",
"matchCriteriaId": "D2289060-BDF3-4F45-B256-FE3DBA8181E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
},
{
"lang": "es",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3 y 2007 SP1; Excel Viewer 2003 Gold y SP3; Excel Viewer; Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP1; y Excel de Microsoft Office 2004 y 2008 para Mac; permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento Excel manipulado que provoca un intento de acceso a un objeto no v\u00e1lido, tal y como se ha explotado libremente en Febrero 2009 por MDropper.XR."
}
],
"id": "CVE-2009-0238",
"lastModified": "2024-11-21T00:59:24.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-25T16:30:00.343",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://blogs.zdnet.com/security/?p=2658"
},
{
"source": "secure@microsoft.com",
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1021744"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/33870"
},
{
"source": "secure@microsoft.com",
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.zdnet.com/security/?p=2658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2009-0238
Vulnerability from cvelistv5
Published
2009-02-25 16:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.microsoft.com/technet/security/advisory/968272.mspx | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1023 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48875 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/cas/techalerts/TA09-104A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/33870 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99 | x_refsource_MISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968 | vdb-entry, signature, x_refsource_OVAL | |
| http://isc.sans.org/diary.html?storyid=5923 | x_refsource_MISC | |
| http://securitytracker.com/id?1021744 | vdb-entry, x_refsource_SECTRACK | |
| http://blogs.zdnet.com/security/?p=2658 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"name": "ADV-2009-1023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "ms-excel-unspecified-code-execution(48875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "33870",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"name": "MS09-009",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:5968",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"name": "1021744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=2658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"name": "ADV-2009-1023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "ms-excel-unspecified-code-execution(48875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "33870",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"name": "MS09-009",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:5968",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"name": "1021744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=2658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.microsoft.com/technet/security/advisory/968272.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
},
{
"name": "ADV-2009-1023",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "ms-excel-unspecified-code-execution(48875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "33870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33870"
},
{
"name": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99",
"refsource": "MISC",
"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
},
{
"name": "MS09-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:5968",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
},
{
"name": "http://isc.sans.org/diary.html?storyid=5923",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=5923"
},
{
"name": "1021744",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021744"
},
{
"name": "http://blogs.zdnet.com/security/?p=2658",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=2658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0238",
"datePublished": "2009-02-25T16:00:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0549
Vulnerability from cvelistv5
Published
2009-06-10 18:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1540 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/54952 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1022351 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/35215 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "54952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54952"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "35215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35215"
},
{
"name": "oval:org.mitre.oval:def:5830",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "54952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54952"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "35215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35215"
},
{
"name": "oval:org.mitre.oval:def:5830",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "54952",
"refsource": "OSVDB",
"url": "http://osvdb.org/54952"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "35215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35215"
},
{
"name": "oval:org.mitre.oval:def:5830",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0549",
"datePublished": "2009-06-10T18:00:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0558
Vulnerability from cvelistv5
Published
2009-06-10 18:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1540 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/504188/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/35242 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1022351 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 | vendor-advisory, x_refsource_MS | |
| http://osvdb.org/54954 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT | |
| http://secunia.com/secunia_research/2009-1/ | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:04.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
},
{
"name": "35242",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35242"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54954"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-1/"
},
{
"name": "oval:org.mitre.oval:def:11525",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
},
{
"name": "35242",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35242"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54954"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-1/"
},
{
"name": "oval:org.mitre.oval:def:11525",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
},
{
"name": "35242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35242"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54954",
"refsource": "OSVDB",
"url": "http://osvdb.org/54954"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "http://secunia.com/secunia_research/2009-1/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-1/"
},
{
"name": "oval:org.mitre.oval:def:11525",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0558",
"datePublished": "2009-06-10T18:00:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:04.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4264
Vulnerability from cvelistv5
Published
2008-12-10 13:33
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074 | vendor-advisory, x_refsource_MS | |
| http://www.vupen.com/english/advisories/2008/3386 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1021368 | vdb-entry, x_refsource_SECTRACK | |
| http://www.us-cert.gov/cas/techalerts/TA08-344A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/32621 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556"
},
{
"name": "MS08-074",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"name": "ADV-2008-3386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"name": "1021368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021368"
},
{
"name": "TA08-344A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name": "32621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers \"pointer corruption\" during the loading of formulas from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556"
},
{
"name": "MS08-074",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"name": "ADV-2008-3386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"name": "1021368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021368"
},
{
"name": "TA08-344A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name": "32621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-4264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers \"pointer corruption\" during the loading of formulas from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5556"
},
{
"name": "MS08-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"name": "ADV-2008-3386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"name": "1021368",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021368"
},
{
"name": "TA08-344A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name": "32621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-4264",
"datePublished": "2008-12-10T13:33:00",
"dateReserved": "2008-09-25T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0100
Vulnerability from cvelistv5
Published
2009-04-15 03:49
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1023 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/502696/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.us-cert.gov/cas/techalerts/TA09-104A.html | third-party-advisory, x_refsource_CERT | |
| http://www.fortiguardcenter.com/advisory/FGA-2009-16.html | x_refsource_MISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043 | vdb-entry, signature, x_refsource_OVAL | |
| http://osvdb.org/53665 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1022039 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
},
{
"name": "MS09-009",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:6043",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
},
{
"name": "53665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53665"
},
{
"name": "1022039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
},
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
},
{
"name": "MS09-009",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:6043",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
},
{
"name": "53665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53665"
},
{
"name": "1022039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1023",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1023"
},
{
"name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html",
"refsource": "MISC",
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
},
{
"name": "MS09-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
},
{
"name": "oval:org.mitre.oval:def:6043",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
},
{
"name": "53665",
"refsource": "OSVDB",
"url": "http://osvdb.org/53665"
},
{
"name": "1022039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0100",
"datePublished": "2009-04-15T03:49:00",
"dateReserved": "2009-01-08T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0560
Vulnerability from cvelistv5
Published
2009-06-10 18:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1540 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/54956 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1022351 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/35244 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:04.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "54956",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54956"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "oval:org.mitre.oval:def:6178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "35244",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Field Sanitization Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "54956",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54956"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "oval:org.mitre.oval:def:6178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "35244",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Field Sanitization Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "54956",
"refsource": "OSVDB",
"url": "http://osvdb.org/54956"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "oval:org.mitre.oval:def:6178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "35244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0560",
"datePublished": "2009-06-10T18:00:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:04.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0559
Vulnerability from cvelistv5
Published
2009-06-10 18:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1540 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1022351 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/35243 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "oval:org.mitre.oval:def:6273",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "35243",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"String Copy Stack-Based Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "oval:org.mitre.oval:def:6273",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "35243",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"String Copy Stack-Based Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "oval:org.mitre.oval:def:6273",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "35243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0559",
"datePublished": "2009-06-10T18:00:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0557
Vulnerability from cvelistv5
Published
2009-06-10 18:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1540 | vdb-entry, x_refsource_VUPEN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/id?1022351 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 | vendor-advisory, x_refsource_MS | |
| http://osvdb.org/54953 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/35241 | vdb-entry, x_refsource_BID | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "oval:org.mitre.oval:def:5564",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54953",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54953"
},
{
"name": "35241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35241"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Object Record Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "oval:org.mitre.oval:def:5564",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54953",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54953"
},
{
"name": "35241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35241"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Object Record Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "oval:org.mitre.oval:def:5564",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54953",
"refsource": "OSVDB",
"url": "http://osvdb.org/54953"
},
{
"name": "35241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35241"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0557",
"datePublished": "2009-06-10T18:00:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0561
Vulnerability from cvelistv5
Published
2009-06-10 18:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1540 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/secunia_research/2009-12/ | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/504190/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id?1022351 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT | |
| http://osvdb.org/54957 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/35245 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-12/"
},
{
"name": "20090609 Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded"
},
{
"name": "20090609 Microsoft Excel SST Record Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "oval:org.mitre.oval:def:5925",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "54957",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54957"
},
{
"name": "35245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka \"Record Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-12/"
},
{
"name": "20090609 Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded"
},
{
"name": "20090609 Microsoft Excel SST Record Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "oval:org.mitre.oval:def:5925",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "54957",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54957"
},
{
"name": "35245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka \"Record Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "http://secunia.com/secunia_research/2009-12/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-12/"
},
{
"name": "20090609 Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded"
},
{
"name": "20090609 Microsoft Excel SST Record Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "oval:org.mitre.oval:def:5925",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "54957",
"refsource": "OSVDB",
"url": "http://osvdb.org/54957"
},
{
"name": "35245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0561",
"datePublished": "2009-06-10T18:00:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4265
Vulnerability from cvelistv5
Published
2008-12-10 13:33
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.vupen.com/english/advisories/2008/3386 | vdb-entry, x_refsource_VUPEN | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id?1021368 | vdb-entry, x_refsource_SECTRACK | |
| http://www.us-cert.gov/cas/techalerts/TA08-344A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS08-074",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"name": "oval:org.mitre.oval:def:5614",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"
},
{
"name": "ADV-2008-3386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"name": "20081209 Microsoft Excel Malformed Object Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"
},
{
"name": "1021368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021368"
},
{
"name": "TA08-344A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS08-074",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"name": "oval:org.mitre.oval:def:5614",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"
},
{
"name": "ADV-2008-3386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"name": "20081209 Microsoft Excel Malformed Object Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"
},
{
"name": "1021368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021368"
},
{
"name": "TA08-344A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-4265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka \"File Format Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS08-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-074"
},
{
"name": "oval:org.mitre.oval:def:5614",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5614"
},
{
"name": "ADV-2008-3386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3386"
},
{
"name": "20081209 Microsoft Excel Malformed Object Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763"
},
{
"name": "1021368",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021368"
},
{
"name": "TA08-344A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-4265",
"datePublished": "2008-12-10T13:33:00",
"dateReserved": "2008-09-25T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1134
Vulnerability from cvelistv5
Published
2009-06-10 18:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35246 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/504213/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2009/1540 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1022351 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 | vendor-advisory, x_refsource_MS | |
| http://osvdb.org/54958 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | third-party-advisory, x_refsource_CERT | |
| http://www.zerodayinitiative.com/advisories/ZDI-09-040/ | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:48.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35246"
},
{
"name": "20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
},
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54958"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
},
{
"name": "oval:org.mitre.oval:def:5922",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "35246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35246"
},
{
"name": "20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
},
{
"name": "ADV-2009-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "1022351",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54958"
},
{
"name": "TA09-160A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
},
{
"name": "oval:org.mitre.oval:def:5922",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35246"
},
{
"name": "20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
},
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54958",
"refsource": "OSVDB",
"url": "http://osvdb.org/54958"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
},
{
"name": "oval:org.mitre.oval:def:5922",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1134",
"datePublished": "2009-06-10T18:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T05:04:48.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}