Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) |
Informations | |||
---|---|---|---|
Name | MS09-009 | First vendor Publication | 2009-04-14 |
Vendor | Microsoft | Last vendor Modification | 2009-04-22 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (April 22, 2009): Added Excel Viewer 2003 Service Pack 3 to the MBSA and SMS tables in the section, Detection and Deployment Tools and Guidance. This is an informational change only. There were no changes to the security update binaries or detection logic.Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Office Excel. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5968 | |||
Oval ID: | oval:org.mitre.oval:def:5968 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0238 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6043 | |||
Oval ID: | oval:org.mitre.oval:def:6043 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0100 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Application | 2 | |
Application | 1 | |
Application | 1 | |
Application | 4 | |
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Excel SST record code execution | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-18 | Name : Microsoft Excel Remote Code Execution Vulnerabilities (968557) File : nvt/secpod_ms_excel_remote_code_exec_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53665 | Microsoft Office Excel Malformed Object Handling Memory Corruption |
52695 | Microsoft Office Excel Crafted Document Invalid Object Reference Unspecified ... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Excel malformed ftCMO record remote code execution attempt RuleID : 26711 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Excel malformed object record remote code execution attempt RuleID : 15465 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Excel extrst record arbitrary code excecution attempt RuleID : 15365 - Revision : 16 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms09-009.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : It is possible to execute arbitrary code on the remote Windows host using Mic... File : smb_nt_ms09-009.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:11 |
|
2014-01-19 21:30:18 |
|