CVE-2009-0100
Summary
| CVE | CVE-2009-0100 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-15 08:00:00 UTC |
| Updated | 2018-10-12 21:49:00 UTC |
| Description | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." |
Risk And Classification
Problem Types: CWE-399
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office | 2004 | All | mac | All |
| Application | Microsoft | Office | 2008 | All | mac | All |
| Application | Microsoft | Office | 2004 | All | mac | All |
| Application | Microsoft | Office | 2008 | All | mac | All |
| Application | Microsoft | Office Compatibility Pack For Word Excel Ppt 2007 | All | sp1 | All | All |
| Application | Microsoft | Office Compatibility Pack For Word Excel Ppt 2007 | All | sp1 | All | All |
| Application | Microsoft | Office Excel | 2000 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2002 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2003 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2007 | sp1 | All | All |
| Application | Microsoft | Office Excel | 2000 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2002 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2003 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2007 | sp1 | All | All |
| Application | Microsoft | Office Excel Viewer | All | All | All | All |
| Application | Microsoft | Office Excel Viewer | 2003 | sp3 | All | All |
| Application | Microsoft | Office Excel Viewer | All | All | All | All |
| Application | Microsoft | Office Excel Viewer | 2003 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| US-CERT Technical Cyber Security Alert TA09-104A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| 53665 | OSVDB | osvdb.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| FortiGuard | Microsoft Office Excel Memory Corruption Vulnerability | MISC | www.fortiguardcenter.com | |
| Microsoft Excel Malformed Object Memory Corruption Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Microsoft Security Bulletin MS09-009 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.