cvelistv5 - cve-2009-0100

CVE-2009-0100 (GCVE-0-2009-0100)

Vulnerability from cvelistv5 – Published: 2009-04-15 03:49 – Updated: 2024-08-07 04:24

Summary

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.vupen.com/english/advisories/2009/1023	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/502696/100…	mailing-listx_refsource_BUGTRAQ
	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	third-party-advisoryx_refsource_CERT
	http://www.fortiguardcenter.com/advisory/FGA-2009…	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://osvdb.org/53665	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1022039	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:17.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-1023",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1023"
          },
          {
            "name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
          },
          {
            "name": "TA09-104A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
          },
          {
            "name": "MS09-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
          },
          {
            "name": "oval:org.mitre.oval:def:6043",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
          },
          {
            "name": "53665",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53665"
          },
          {
            "name": "1022039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022039"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2009-1023",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1023"
        },
        {
          "name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
        },
        {
          "name": "TA09-104A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
        },
        {
          "name": "MS09-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
        },
        {
          "name": "oval:org.mitre.oval:def:6043",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
        },
        {
          "name": "53665",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53665"
        },
        {
          "name": "1022039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022039"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0100",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1023",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1023"
            },
            {
              "name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html",
              "refsource": "MISC",
              "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
            },
            {
              "name": "MS09-009",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
            },
            {
              "name": "oval:org.mitre.oval:def:6043",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
            },
            {
              "name": "53665",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53665"
            },
            {
              "name": "1022039",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022039"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0100",
    "datePublished": "2009-04-15T03:49:00",
    "dateReserved": "2009-01-08T00:00:00",
    "dateUpdated": "2024-08-07T04:24:17.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"5BA91840-371C-4282-9F7F-B393F785D260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"34C5FEAD-4B4B-44EB-9F3A-05093347A2F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"806086B6-AB83-4008-A1A2-73BC35A95925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD22DBA8-40B0-4197-9D56-38D5D9E1ED89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"297A9F48-13DF-4042-AC21-B8B764B217BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A2613CE-C469-43AE-A590-87CE1FAADA8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"B18C291F-57C2-4328-8FCF-3C1A27B0D18D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \\\"an offset and a two-byte value\\\" that trigger a memory calculation error, aka \\\"Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1; Excel en Microsoft Office 2004 y 2008 para Mac; Microsoft Office Excel Viewer y Excel Viewer 2003 SP3; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 no parsea adecuadamente el fichero con formato de hoja de c\\u00e1lculo Excel, lo cual permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de una hoja de c\\u00e1lculo manipulada que contiene un objeto mal formado, tambi\\u00e9n conocido como \\\"Vulnerabilidad de corrupci\\u00f3n de memoria\\\".\"}]",
      "id": "CVE-2009-0100",
      "lastModified": "2024-11-21T00:59:03.340",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-04-15T08:00:00.530",
      "references": "[{\"url\": \"http://osvdb.org/53665\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.fortiguardcenter.com/advisory/FGA-2009-16.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/502696/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1022039\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1023\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/53665\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.fortiguardcenter.com/advisory/FGA-2009-16.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/502696/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1022039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0100\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-04-15T08:00:00.530\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \\\"an offset and a two-byte value\\\" that trigger a memory calculation error, aka \\\"Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1; Excel en Microsoft Office 2004 y 2008 para Mac; Microsoft Office Excel Viewer y Excel Viewer 2003 SP3; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 no parsea adecuadamente el fichero con formato de hoja de c\u00e1lculo Excel, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo manipulada que contiene un objeto mal formado, tambi\u00e9n conocido como \\\"Vulnerabilidad de corrupci\u00f3n de memoria\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"5BA91840-371C-4282-9F7F-B393F785D260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C5FEAD-4B4B-44EB-9F3A-05093347A2F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"806086B6-AB83-4008-A1A2-73BC35A95925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD22DBA8-40B0-4197-9D56-38D5D9E1ED89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"297A9F48-13DF-4042-AC21-B8B764B217BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2613CE-C469-43AE-A590-87CE1FAADA8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B18C291F-57C2-4328-8FCF-3C1A27B0D18D\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/53665\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.fortiguardcenter.com/advisory/FGA-2009-16.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/502696/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1022039\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1023\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/53665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.fortiguardcenter.com/advisory/FGA-2009-16.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/502696/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-4MHF-PW3Q-X8RP

Vulnerability from github – Published: 2022-05-02 03:12 – Updated: 2022-05-02 03:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0100"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-15T08:00:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\"",
  "id": "GHSA-4mhf-pw3q-x8rp",
  "modified": "2022-05-02T03:12:50Z",
  "published": "2022-05-02T03:12:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0100"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53665"
    },
    {
      "type": "WEB",
      "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022039"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-ALE-002

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité a été identifiée sur Microsoft Excel. L'exploitation de cette dernière par le biais d'un document spécialement conçu permet à une personne malveillante d'exécuter du code arbitraire à distance sur un poste ayant une version vulnérable de l'application.

Description

Une vulnérabilité a été identifiée sur l'application bureautique Microsoft Excel.

L'exploitation de cette vulnérabilité par le biais d'un document XLS spécialement conçu permet à une personne malveillante d'exécuter du code arbitraire à distance sur un poste ayant une version vulnérable de l'application.

Contournement provisoire

Dans l'attente d'un correctif, plusieurs mesures permettent de réduire l'impact de l'exploitation de cette vulnérabilité :

travailler avec un compte utilisateur aux droits restreints (principe du moindre privilège) ;
utiliser l'outil de conversion MOICE (Microsoft Office Isolated Conversion Environment) pour convertir tout fichier XLS en XSLX avant son ouverture ;
activer la mesure (très restrictive) FileBlock, imposant l'ouverture unique des fichiers au nouveau format XML. Les détails pratiques se trouvent dans l'avis de sécurité Microsoft ;
utiliser un logiciel alternatif (visualisateur, tableur ou suite bureautique) ;
n'ouvrir que des documents issus de sources de confiance ;
être circonspect à l'égard des pièces jointes de courriels et des documents téléchargés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Excel 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office Excel Viewer ;
Microsoft	Office	Microsoft Office Excel 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;
Microsoft	Office	Microsoft Office Excel 2002 Service Pack 3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009	None	vendor-advisory
Avis de sécurité Microsoft 968272 du 24 février 2009	None	vendor-advisory
Article du bloc-notes MSRC correspondant :	-	other
Article du bloc-notes SWI correspondant :	-	other
Référence CVE CVE-2009-0238 :	-	other
Avis du CERTA numéro CERTA-2009-AVI-147 du 15 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Excel 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-04-15",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e sur l\u0027application bureautique\nMicrosoft Excel.\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 par le biais d\u0027un document XLS\nsp\u00e9cialement con\u00e7u permet \u00e0 une personne malveillante d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance sur un poste ayant une version vuln\u00e9rable de\nl\u0027application.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif, plusieurs mesures permettent de r\u00e9duire\nl\u0027impact de l\u0027exploitation de cette vuln\u00e9rabilit\u00e9\u00a0:\n\n-   travailler avec un compte utilisateur aux droits restreints\n    (principe du moindre privil\u00e8ge)\u00a0;\n-   utiliser l\u0027outil de conversion MOICE (Microsoft Office Isolated\n    Conversion Environment) pour convertir tout fichier XLS en XSLX\n    avant son ouverture\u00a0;\n-   activer la mesure (tr\u00e8s restrictive) FileBlock, imposant l\u0027ouverture\n    unique des fichiers au nouveau format XML. Les d\u00e9tails pratiques se\n    trouvent dans l\u0027avis de s\u00e9curit\u00e9 Microsoft\u00a0;\n-   utiliser un logiciel alternatif (visualisateur, tableur ou suite\n    bureautique)\u00a0;\n-   n\u0027ouvrir que des documents issus de sources de confiance\u00a0;\n-   \u00eatre circonspect \u00e0 l\u0027\u00e9gard des pi\u00e8ces jointes de courriels et des\n    documents t\u00e9l\u00e9charg\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0100"
    },
    {
      "name": "CVE-2009-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0238"
    }
  ],
  "links": [
    {
      "title": "Article du bloc-notes MSRC correspondant :",
      "url": "http://blogs.technet.com/msrc/archive/2009/02/24/microsoft-security-advisory-968272.aspx"
    },
    {
      "title": "Article du bloc-notes SWI correspondant :",
      "url": "http://blogs.technet.com/swi/archive/2009/02/24/more-information-about-the-new-excel-vulnerability.aspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0238 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0238"
    },
    {
      "title": "Avis du CERTA num\u00e9ro CERTA-2009-AVI-147 du 15 avril 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-002/index.html"
    }
  ],
  "reference": "CERTA-2009-ALE-002",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-25T00:00:00.000000"
    },
    {
      "description": "ajout du lien vers le correctif.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e sur Microsoft Excel. L\u0027exploitation\nde cette derni\u00e8re par le biais d\u0027un document sp\u00e9cialement con\u00e7u permet \u00e0\nune personne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur\nun poste ayant une version vuln\u00e9rable de l\u0027application.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 968272 du 24 f\u00e9vrier 2009",
      "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
    }
  ]
}

CERTA-2009-ALE-002

Vulnerability from certfr_alerte - Published: - Updated:

Description

Une vulnérabilité a été identifiée sur l'application bureautique Microsoft Excel.

Contournement provisoire

Dans l'attente d'un correctif, plusieurs mesures permettent de réduire l'impact de l'exploitation de cette vulnérabilité :

travailler avec un compte utilisateur aux droits restreints (principe du moindre privilège) ;
utiliser l'outil de conversion MOICE (Microsoft Office Isolated Conversion Environment) pour convertir tout fichier XLS en XSLX avant son ouverture ;
activer la mesure (très restrictive) FileBlock, imposant l'ouverture unique des fichiers au nouveau format XML. Les détails pratiques se trouvent dans l'avis de sécurité Microsoft ;
utiliser un logiciel alternatif (visualisateur, tableur ou suite bureautique) ;
n'ouvrir que des documents issus de sources de confiance ;
être circonspect à l'égard des pièces jointes de courriels et des documents téléchargés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Excel 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office Excel Viewer ;
Microsoft	Office	Microsoft Office Excel 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;
Microsoft	Office	Microsoft Office Excel 2002 Service Pack 3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009	None	vendor-advisory
Avis de sécurité Microsoft 968272 du 24 février 2009	None	vendor-advisory
Article du bloc-notes MSRC correspondant :	-	other
Article du bloc-notes SWI correspondant :	-	other
Référence CVE CVE-2009-0238 :	-	other
Avis du CERTA numéro CERTA-2009-AVI-147 du 15 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Excel 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-04-15",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e sur l\u0027application bureautique\nMicrosoft Excel.\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 par le biais d\u0027un document XLS\nsp\u00e9cialement con\u00e7u permet \u00e0 une personne malveillante d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance sur un poste ayant une version vuln\u00e9rable de\nl\u0027application.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif, plusieurs mesures permettent de r\u00e9duire\nl\u0027impact de l\u0027exploitation de cette vuln\u00e9rabilit\u00e9\u00a0:\n\n-   travailler avec un compte utilisateur aux droits restreints\n    (principe du moindre privil\u00e8ge)\u00a0;\n-   utiliser l\u0027outil de conversion MOICE (Microsoft Office Isolated\n    Conversion Environment) pour convertir tout fichier XLS en XSLX\n    avant son ouverture\u00a0;\n-   activer la mesure (tr\u00e8s restrictive) FileBlock, imposant l\u0027ouverture\n    unique des fichiers au nouveau format XML. Les d\u00e9tails pratiques se\n    trouvent dans l\u0027avis de s\u00e9curit\u00e9 Microsoft\u00a0;\n-   utiliser un logiciel alternatif (visualisateur, tableur ou suite\n    bureautique)\u00a0;\n-   n\u0027ouvrir que des documents issus de sources de confiance\u00a0;\n-   \u00eatre circonspect \u00e0 l\u0027\u00e9gard des pi\u00e8ces jointes de courriels et des\n    documents t\u00e9l\u00e9charg\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0100"
    },
    {
      "name": "CVE-2009-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0238"
    }
  ],
  "links": [
    {
      "title": "Article du bloc-notes MSRC correspondant :",
      "url": "http://blogs.technet.com/msrc/archive/2009/02/24/microsoft-security-advisory-968272.aspx"
    },
    {
      "title": "Article du bloc-notes SWI correspondant :",
      "url": "http://blogs.technet.com/swi/archive/2009/02/24/more-information-about-the-new-excel-vulnerability.aspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0238 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0238"
    },
    {
      "title": "Avis du CERTA num\u00e9ro CERTA-2009-AVI-147 du 15 avril 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-002/index.html"
    }
  ],
  "reference": "CERTA-2009-ALE-002",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-25T00:00:00.000000"
    },
    {
      "description": "ajout du lien vers le correctif.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e sur Microsoft Excel. L\u0027exploitation\nde cette derni\u00e8re par le biais d\u0027un document sp\u00e9cialement con\u00e7u permet \u00e0\nune personne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur\nun poste ayant une version vuln\u00e9rable de l\u0027application.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 968272 du 24 f\u00e9vrier 2009",
      "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
    }
  ]
}

CERTA-2009-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans Microsoft Excel. L'exploitation de cette vulnérabilité permet à une personne malveillante d'exécuter du code arbitraire à distance par le biais d'un document spécialement construit.

Description

Une vulnérabilité a été identifiée dans l'application bureautique Microsoft Excel.

Cette vulnérabilité est due à la mauvaise interprétation de certains objets des documents XLS, provoquant ainsi une corruption de mémoire. L'exploitation de cette vulnérabilité permet à une personne malintentionnée d'exécuter du code arbitraire via un document XLS spécialement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Excel 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office Excel Viewer ;
Microsoft	Office	Microsoft Office Excel 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;
Microsoft	Office	Microsoft Office Excel 2002 Service Pack 3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité MS09-009 du 14 avril 2009	None	vendor-advisory
Alerte du CERTA numéro CERTA-2009-ALE-002 du 25 février 2009 :	-	other
Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009 :	-	other
Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Excel 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027application bureautique\nMicrosoft Excel.\n\nCette vuln\u00e9rabilit\u00e9 est due \u00e0 la mauvaise interpr\u00e9tation de certains\nobjets des documents XLS, provoquant ainsi une corruption de m\u00e9moire.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire via un document XLS\nsp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0238"
    },
    {
      "name": "CVE-2009-0100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0100"
    }
  ],
  "links": [
    {
      "title": "Alerte du CERTA num\u00e9ro CERTA-2009-ALE-002 du 25 f\u00e9vrier    2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-002/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-009.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nExcel\u003c/span\u003e. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le\nbiais d\u0027un document sp\u00e9cialement construit.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS09-009 du 14 avril 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Description

Une vulnérabilité a été identifiée dans l'application bureautique Microsoft Excel.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Excel 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office Excel Viewer ;
Microsoft	Office	Microsoft Office Excel 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;
Microsoft	Office	Microsoft Office Excel 2002 Service Pack 3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité MS09-009 du 14 avril 2009	None	vendor-advisory
Alerte du CERTA numéro CERTA-2009-ALE-002 du 25 février 2009 :	-	other
Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009 :	-	other
Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Excel 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027application bureautique\nMicrosoft Excel.\n\nCette vuln\u00e9rabilit\u00e9 est due \u00e0 la mauvaise interpr\u00e9tation de certains\nobjets des documents XLS, provoquant ainsi une corruption de m\u00e9moire.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire via un document XLS\nsp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0238"
    },
    {
      "name": "CVE-2009-0100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0100"
    }
  ],
  "links": [
    {
      "title": "Alerte du CERTA num\u00e9ro CERTA-2009-ALE-002 du 25 f\u00e9vrier    2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-002/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-009.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nExcel\u003c/span\u003e. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le\nbiais d\u0027un document sp\u00e9cialement construit.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS09-009 du 14 avril 2009",
      "url": null
    }
  ]
}

FKIE_CVE-2009-0100

Vulnerability from fkie_nvd - Published: 2009-04-15 08:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/53665
secure@microsoft.com	http://www.fortiguardcenter.com/advisory/FGA-2009-16.html
secure@microsoft.com	http://www.securityfocus.com/archive/1/502696/100/0/threaded
secure@microsoft.com	http://www.securitytracker.com/id?1022039
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1023
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53665
af854a3a-2127-422b-91ae-364da2661108	http://www.fortiguardcenter.com/advisory/FGA-2009-16.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502696/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022039
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1023
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043

Impacted products

Vendor	Product	Version
microsoft	office	2004
microsoft	office	2008
microsoft	office_compatibility_pack_for_word_excel_ppt_2007	*
microsoft	office_excel	2000
microsoft	office_excel	2002
microsoft	office_excel	2003
microsoft	office_excel	2007
microsoft	office_excel_viewer	*
microsoft	office_excel_viewer	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1; Excel en Microsoft Office 2004 y 2008 para Mac; Microsoft Office Excel Viewer y Excel Viewer 2003 SP3; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 no parsea adecuadamente el fichero con formato de hoja de c\u00e1lculo Excel, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo manipulada que contiene un objeto mal formado, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria\"."
    }
  ],
  "id": "CVE-2009-0100",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-15T08:00:00.530",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/53665"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022039"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-0100

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0100

Aliases

CVE-2009-0100

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0100",
    "description": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\"",
    "id": "GSD-2009-0100"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0100"
      ],
      "details": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\"",
      "id": "GSD-2009-0100",
      "modified": "2023-12-13T01:19:44.557981Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-0100",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2009-1023",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1023"
          },
          {
            "name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
          },
          {
            "name": "TA09-104A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "name": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html",
            "refsource": "MISC",
            "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
          },
          {
            "name": "MS09-009",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
          },
          {
            "name": "oval:org.mitre.oval:def:6043",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
          },
          {
            "name": "53665",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53665"
          },
          {
            "name": "1022039",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022039"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0100"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with \"an offset and a two-byte value\" that trigger a memory calculation error, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022039",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022039"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "53665",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/53665"
            },
            {
              "name": "ADV-2009-1023",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1023"
            },
            {
              "name": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-16.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6043",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043"
            },
            {
              "name": "20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/502696/100/0/threaded"
            },
            {
              "name": "MS09-009",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:49Z",
      "publishedDate": "2009-04-15T08:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0100 (GCVE-0-2009-0100)

GHSA-4MHF-PW3Q-X8RP

CERTA-2009-ALE-002

Description

Contournement provisoire

Solution

CERTA-2009-ALE-002

Description

Contournement provisoire

Solution

CERTA-2009-AVI-147

Description

Solution

CERTA-2009-AVI-147

Description

Solution

FKIE_CVE-2009-0100

GSD-2009-0100

Tags

Sightings

Nomenclature