CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.2%
Added: 09/11/2009
CVE: CVE-2009-1134
BID: 35246
OSVDB: 54958
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
A memory corruption vulnerability allows command execution when a user closes a spreadsheet file containing a specially crafted Qsir record.
Apply the patch referenced in Microsoft Security Bulletin 09-021.
<http://www.zerodayinitiative.com/advisories/ZDI-09-040/>
Exploit works on Microsoft Excel 2007 SP1 and requires a user to open and then close the exploit file in Microsoft Excel.
There may be a delay before the exploit succeeds after the file is closed.
This exploit requires the IO::Uncompress and Compress::Zlib PERL modules.
Windows XP