CVE-2009-3133

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

54.2%

top 1.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Compatibility Pack Word Excel Powerpoint Microsoft Excel Microsoft Excel Viewer +1 more

Timeline

PublishedNov 11

Latest updateMay 2

Description

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/excel2002, 2003, 2007+2

▶NVDmicrosoft/excel_viewer2003

▶NVDmicrosoft/compatibility_pack_word_excel_powerpoint2007

▶NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

GHSA

GHSA-crgw-fph4-cgrp: Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary↗2022-05-02

▶

CVEList

CVE-2009-3133: Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary↗2009-11-11

▶