CVE-2009-0558
Summary
| CVE | CVE-2009-0558 |
|---|---|
| State | PUBLISHED |
| Assigner | microsoft |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-06-10 18:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office | 2004 | All | mac | All |
| Application | Microsoft | Office | 2008 | All | mac | All |
| Application | Microsoft | Office | xp | sp3 | All | All |
| Application | Microsoft | Office Compatibility Pack For Word Excel Ppt 2007 | All | sp1 | All | All |
| Application | Microsoft | Office Compatibility Pack For Word Excel Ppt 2007 | All | sp2 | All | All |
| Application | Microsoft | Office Excel | 2000 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2003 | sp3 | All | All |
| Application | Microsoft | Office Excel | 2007 | sp1 | All | All |
| Application | Microsoft | Office Excel | 2007 | sp2 | All | All |
| Application | Microsoft | Office Excel Viewer | All | All | All | All |
| Application | Microsoft | Office Excel Viewer | 2003 | sp3 | All | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp1 | x32 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp1 | x64 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp2 | x32 | All |
| Application | Microsoft | Office Sharepoint Server | 2007 | sp2 | x64 | All |
| Application | Microsoft | Open Xml File Format Converter | All | All | mac | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Security Bulletin MS09-021 - Critical | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| US-CERT Technical Cyber Security Alert TA09-160A -- Microsoft Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| osvdb.org/54954 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| SecurityTracker.com Archives - Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Vulnerabilities - Secunia Research - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Microsoft Excel Array Indexing Remote Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.