CVE-2009-0558

Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*
cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*

History

21 Nov 2024, 01:00

Type Values Removed Values Added
References () http://osvdb.org/54954 - () http://osvdb.org/54954 -
References () http://secunia.com/secunia_research/2009-1/ - Vendor Advisory () http://secunia.com/secunia_research/2009-1/ - Vendor Advisory
References () http://www.securityfocus.com/archive/1/504188/100/0/threaded - () http://www.securityfocus.com/archive/1/504188/100/0/threaded -
References () http://www.securityfocus.com/bid/35242 - () http://www.securityfocus.com/bid/35242 -
References () http://www.securitytracker.com/id?1022351 - () http://www.securitytracker.com/id?1022351 -
References () http://www.us-cert.gov/cas/techalerts/TA09-160A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA09-160A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2009/1540 - () http://www.vupen.com/english/advisories/2009/1540 -
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525 -

Information

Published : 2009-06-10 18:30

Updated : 2024-11-21 01:00


NVD link : CVE-2009-0558

Mitre link : CVE-2009-0558

CVE.ORG link : CVE-2009-0558


JSON object : View

Products Affected

microsoft

  • office
  • office_excel_viewer
  • open_xml_file_format_converter
  • office_compatibility_pack_for_word_excel_ppt_2007
  • office_excel
  • office_sharepoint_server
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')