CVE-2009-0558

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

53.8%

top 2.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Excel Microsoft Office Excel Viewer +1 more

Timeline

PublishedJun 10

Latest updateMay 2

Description

Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/office_excel2000, 2003, 2007+2

▶NVDmicrosoft/office_excel_viewer2003

▶NVDmicrosoft/office2004, 2008, xp+2

▶NVDmicrosoft/office_sharepoint_server2007

🔴Vulnerability Details

GHSA

GHSA-3pjh-hjmx-5pvh: Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote at↗2022-05-02

▶

CVEList

CVE-2009-0558: Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote at↗2009-06-10

▶