Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-0238
HistoryFeb 25, 2009 - 4:30 p.m.

CVE-2009-0238

2009-02-2516:30:00
CWE-94
[email protected]
web.nvd.nist.gov
42
microsoft office
excel
remote code execution
vulnerability
cve-2009-0238
nvd
security

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.611 Medium

EPSS

Percentile

97.8%

JSON

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

Affected configurations

NVD
Node
microsoftexcelMatch2004mac
OR
microsoftexcel_viewer
OR
microsoftofficeMatch2008mac
OR
microsoftoffice_compatibility_packMatch2007sp1
OR
microsoftoffice_excelMatch2000sp3
OR
microsoftoffice_excelMatch2002sp3
OR
microsoftoffice_excelMatch2003sp3
OR
microsoftoffice_excelMatch2007sp1
OR
microsoftoffice_excel_viewer
OR
microsoftoffice_excel_viewerMatch2003gold
OR
microsoftoffice_excel_viewerMatch2003sp3

Related

saint 4
cvelist 1
prion 1
nvd 1
openvas 2
securityvulns 2
checkpoint_advisories 2
nessus 2
threatpost 1
saint
saint
Microsoft Excel SST record code execution
2009-04-23 00:00:00
Microsoft Excel SST record code execution
2009-04-23 00:00:00
Microsoft Excel SST record code execution
2009-04-23 00:00:00
cvelist
cvelist
CVE-2009-0238
2009-02-25 16:00:00
prion
prion
Code injection
2009-02-25 16:30:00
nvd
nvd
CVE-2009-0238
2009-02-25 16:30:00
openvas
openvas
Microsoft Excel Remote Code Execution Vulnerabilities (968557)
2009-03-18 00:00:00
Microsoft Excel Remote Code Execution Vulnerabilities (968557)
2009-03-18 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-009 - Critical Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
2009-04-14 00:00:00
Microsoft Excel multiple memory corruptions
2009-04-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Rich Text Handling Code Execution (MS08-014; CVE-2008-0116; CVE-2009-0238)
2008-03-13 00:00:00
Microsoft Excel Rich Text Handling Code Execution (MS08-014; CVE-2008-0116; CVE-2009-0238)
2008-03-13 00:00:00
nessus
nessus
MS09-009: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) (Mac OS X)
2010-10-20 00:00:00
MS09-009: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
2009-04-15 00:00:00
threatpost
threatpost
Microsoft plugs gaping holes in IE, Excel, Windows
2009-04-14 17:56:32

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.611 Medium

EPSS

Percentile

97.8%

JSON
Related for CVE-2009-0238
saint4cvelist1prion1nvd1openvas2securityvulns2checkpoint_advisories2nessus2threatpost1