CVE-2009-1134

CWE-94 — Code Injection5 documents5 sources

Severity

9.3CRITICAL

EPSS

51.1%

top 2.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Excel Microsoft Office Excel Viewer +1 more

Timeline

PublishedJun 10

Latest updateMay 2

Description

Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/office_excel_viewer2003

▶NVDmicrosoft/office_excel2000, 2003, 2007+2

▶NVDmicrosoft/office2004, 2008, xp+2

▶NVDmicrosoft/office_sharepoint_server2007

🔴Vulnerability Details

GHSA

GHSA-6rcx-mjhp-hmpc: Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPo↗2022-05-02

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

CVEList

CVE-2009-1134: Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPo↗2009-06-10

▶

VulnCheck

Microsoft Office Improper Control of Generation of Code ('Code Injection')↗2009

▶