CVE-2009-0557
In short
A flaw in Microsoft Excel allows attackers to run malicious code on a computer by sending a specially crafted Excel file with a corrupted object record. When a victim opens the file, the attacker's code can execute without permission.
Technical detail
This vulnerability stems from improper handling of malformed object records in Excel files (CWE-94: Improper Control of Generation of Code), allowing remote code execution via a crafted spreadsheet. The attack vector is file-based, and exploitation requires the user to open the malicious Excel file. The impact is arbitrary code execution with the privileges of the user opening the file.
Summary generated and translated by AI from the official description.
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
http://osvdb.org/54953
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0557
http://www.securityfocus.com/bid/35241
http://www.securitytracker.com/id?1022351
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://www.vupen.com/english/advisories/2009/1540