CVE-2009-0549

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICAL
EPSS
52.1%
top 2.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft OfficeMicrosoft Office ExcelMicrosoft Office Excel Viewer+1 more
Timeline
PublishedJun 10
Latest updateMay 2

Description

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmicrosoft/office_excel2000, 2003, 2007+2
NVDmicrosoft/office2004, 2008, xp+2

🔴Vulnerability Details

2
GHSA
GHSA-3rg2-hc5h-p32j: Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Micr2022-05-02
CVEList
CVE-2009-0549: Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Micr2009-06-10

💥Exploits & PoCs

1
Exploit-DB
Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities2005-05-07
CVE-2009-0549 (CRITICAL CVSS 9.3) | Excel in Microsoft Office 2000 SP3 | cvebase.io