CVE-2009-0559

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

53.3%

top 2.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Excel Microsoft Office Excel Viewer +1 more

Timeline

PublishedJun 10

Latest updateMay 2

Description

Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/office_excel2000, 2003, 2007+2

▶NVDmicrosoft/office_excel_viewer2003

▶NVDmicrosoft/office2004, 2008, xp+2

▶NVDmicrosoft/office_sharepoint_server2007

🔴Vulnerability Details

GHSA

GHSA-vwm5-4pv2-47qx: Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Ex↗2022-05-02

▶

CVEList

CVE-2009-0559: Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Ex↗2009-06-10

▶