CVE-2009-0238
CVE-2009-0238
In short
Microsoft Excel versions could execute malicious code when opening specially crafted spreadsheet files. An attacker could trick someone into opening a rigged Excel document to gain full control of their computer.
Technical detail
Remote code execution vulnerability in multiple Microsoft Excel versions (2000-2007) and Excel Viewer triggered by malformed worksheet objects that cause invalid memory access. Exploitation requires user interaction (opening a crafted .xls file); the vulnerability was actively exploited in the wild by Trojan.Mdropper.AC in February 2009.
Summary generated and translated by AI from the official description.
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blogs.zdnet.com/security/?p=2658http://isc.sans.org/diary.html?storyid=5923https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009http://securitytracker.com/id?1021744https://exchange.xforce.ibmcloud.com/vulnerabilities/48875https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238http://www.microsoft.com/technet/security/advisory/968272.mspxhttp://www.securityfocus.com/bid/33870http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlhttp://www.vupen.com/english/advisories/2009/1023