CVE-2009-0100
published 2009-04-15CVE-2009-0100: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel…
PriorityP356critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
29.04%
97.9th percentile
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office_excel | — | — |
| microsoft | office_excel | — | — |
| microsoft | office_excel | — | — |
| microsoft | office_excel | — | — |
| microsoft | office_excel_viewer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Zabbix Server - Multiple Vulnerabilities
exploitdb·2009-12-14
CVE-2009-4501 Zabbix Server - Multiple Vulnerabilities
Zabbix Server - Multiple Vulnerabilities
---
Zabbix Server : Multiple remote vulnerabilities From: Nicob
Date: Sun, 13 Dec 2009 16:28:35 +0100
From Wikipedia : "Zabbix is a network management system application
[...] designed to monitor and track the status of various network
services, servers, and other network hardware."
[Zabbix Server : Remote command execution]
Impacted software : Zabbix Server
Zabbix reference : https://support.zabbix.com/browse/ZBX-1030
Patched version : 1.8
Faulty source code : function node_process_command() in
zabbix_server/trapper/nodecommand.c
Changelog entry : fixed security vulnerability in server allowing remote
unauthenticated users to execute scripts
[Zabbix Server : Remote SQL execution]
Impacted software : Zabbix Server
Zabbix reference : https:
Exploit-DB
Zabbix Agent < 1.6.7 - Remote Bypass
exploitdb·2009-12-14
CVE-2009-4502 Zabbix Agent < 1.6.7 - Remote Bypass
Zabbix Agent
Date: Sun, 13 Dec 2009 16:28:30 +0100
From Wikipedia : "Zabbix is a network management system application
[...] designed to monitor and track the status of various network
services, servers, and other network hardware."
[Zabbix Agent : Bypass of EnableRemoteCommands=0]
Impacted software : Zabbix Agent (FreeBSD and Solaris only)
Zabbix reference : https://support.zabbix.com/browse/ZBX-1032
Patched version : 1.6.7
Faulty source code : function NET_TCP_LISTEN() in
libs/zbxsysinfo/(freebsd|solaris)/net.c
Exploit : $> echo "net.tcp.listen[80';id;echo ']"|nc -vn xxxxx 10050
Limitation : attacker must come from (or spoof) a trusted IP address
Changelog entry : fixed security vulnerability in processing of
net.tcp.listen under FreeBSD and Solaris agents
Bugzilla
CVE-2009-5054 php-Smarty: Does not consider the umask value when setting the permissions of files
bugzilla·2011-10-25·CVSS 7.5
CVE-2009-5054 [HIGH] CVE-2009-5054 php-Smarty: Does not consider the umask value when setting the permissions of files
CVE-2009-5054 php-Smarty: Does not consider the umask value when setting the permissions of files
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5054 to
the following vulnerability:
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5054
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Discussion:
Relevant Changelog entry:
------- beta 4
11/18/2009
- observe umask settings when setting file permissions
And particular SVN log entry to it:
r3351 | Uwe.Tews | 2009-11-18 18:25:18 +0100 (Wed, 18 Nov 2009) | 3 lines
- ob
Bugzilla
CVE-2009-5052 php-Smarty: Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6
bugzilla·2011-10-25·CVSS 10.0
CVE-2009-5052 [CRITICAL] CVE-2009-5052 php-Smarty: Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6
CVE-2009-5052 php-Smarty: Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5052 to
the following vulnerability:
Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5052
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Discussion:
From the look at the Smarty changelog [2] the security flaws fixed in v3.0.0 before beta 6 are as follows (relevant SVN log records are listed too):
* 12/28/2009
- update for security fixes
SVN log entry:
r3416 | Uwe.Tews | 2009-12-28 16:27:13 +0100 (Mon, 28 Dec 2009) | 2 lines
- update for security fixes
- make modifie
Bugzilla
CVE-2009-4026 CVE-2009-4027 kernel: mac80211: fix spurious delBA handling
bugzilla·2009-11-25·CVSS 7.8
CVE-2009-4026 [HIGH] CVE-2009-4026 CVE-2009-4027 kernel: mac80211: fix spurious delBA handling
CVE-2009-4026 CVE-2009-4027 kernel: mac80211: fix spurious delBA handling
Lennert Buytenhek noticed that delBA handling in mac80211 was broken and has remotely triggerable problems, some of which are due to some code shuffling I did that ended up changing the order in which things were done -- this was
commit d75636ef9c1af224f1097941879d5a8db7cd04e5
Author: Johannes Berg
Date: Tue Feb 10 21:25:53 2009 +0100
mac80211: RX aggregation: clean up stop session
and other parts were already present in the original
commit d92684e66091c0f0101819619b315b4bb8b5bcc5
Author: Ron Rindjunsky
Date: Mon Jan 28 14:07:22 2008 +0200
mac80211: A-MPDU Tx add delBA from recipient support
The first problem is that I moved a BUG_ON before various checks -- thereby making it possible to hit. As the comment in
http://osvdb.org/53665http://www.fortiguardcenter.com/advisory/FGA-2009-16.htmlhttp://www.securityfocus.com/archive/1/502696/100/0/threadedhttp://www.securitytracker.com/id?1022039http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlhttp://www.vupen.com/english/advisories/2009/1023https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043http://osvdb.org/53665http://www.fortiguardcenter.com/advisory/FGA-2009-16.htmlhttp://www.securityfocus.com/archive/1/502696/100/0/threadedhttp://www.securitytracker.com/id?1022039http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlhttp://www.vupen.com/english/advisories/2009/1023https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043
2009-04-15
Published