CVE-2009-3131

CWE-94 — Code Injection4 documents4 sources

Severity

9.3CRITICAL

EPSS

54.2%

top 1.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Compatibility Pack Word Excel Powerpoint Microsoft Excel Microsoft Excel Viewer +1 more

Timeline

PublishedNov 11

Latest updateMay 2

Description

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/compatibility_pack_word_excel_powerpoint2007

▶NVDmicrosoft/excel_viewer2003

▶NVDmicrosoft/excel2002, 2003, 2007+2

▶NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

GHSA

GHSA-mfmc-fxm6-3cgf: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Vi↗2022-05-02

▶

CVEList

CVE-2009-3131: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Vi↗2009-11-11

▶

💬Community

Bugzilla

CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)↗2009-11-05

▶