CVE-2009-0238

Published Feb 25, 2009

Last updated a day ago

CVSS high 8.8

Overview

Description: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
Source: secure@microsoft.com
NVD status: Deferred
Products: excel, excel_viewer, office, office_compatibility_pack, office_excel, office_excel_viewer

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
            "matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
            "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
            "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
            "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:gold:*:*:*:*:*:*",
            "matchCriteriaId": "D2289060-BDF3-4F45-B256-FE3DBA8181E8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References