{"api_version":"1","generated_at":"2026-04-23T11:49:44+00:00","cve":"CVE-2009-0558","urls":{"html":"https://cve.report/CVE-2009-0558","api":"https://cve.report/api/cve/CVE-2009-0558.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0558","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0558"},"summary":{"title":"CVE-2009-0558","description":"Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2009-06-10 18:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-94","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS09-021 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/504188/100/0/threaded","name":"http://www.securityfocus.com/archive/1/504188/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-160A.html","name":"http://www.us-cert.gov/cas/techalerts/TA09-160A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA09-160A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/54954","name":"http://osvdb.org/54954","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1022351","name":"http://www.securitytracker.com/id?1022351","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/1540","name":"http://www.vupen.com/english/advisories/2009/1540","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/secunia_research/2009-1/","name":"http://secunia.com/secunia_research/2009-1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Vulnerabilities - Secunia Research - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/35242","name":"http://www.securityfocus.com/bid/35242","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Excel Array Indexing Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0558","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0558","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2004","cpe7":"*","cpe8":"mac","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2008","cpe7":"*","cpe8":"mac","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"xp","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_compatibility_pack_for_word_excel_ppt_2007","cpe6":"*","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_compatibility_pack_for_word_excel_ppt_2007","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_excel","cpe6":"2000","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_excel","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_excel","cpe6":"2007","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_excel","cpe6":"2007","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_excel_viewer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_excel_viewer","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_sharepoint_server","cpe6":"2007","cpe7":"sp1","cpe8":"x32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_sharepoint_server","cpe6":"2007","cpe7":"sp1","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_sharepoint_server","cpe6":"2007","cpe7":"sp2","cpe8":"x32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_sharepoint_server","cpe6":"2007","cpe7":"sp2","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"558","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"open_xml_file_format_converter","cpe6":"*","cpe7":"*","cpe8":"mac","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:40:04.026Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ADV-2009-1540","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1540"},{"name":"20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/504188/100/0/threaded"},{"name":"35242","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/35242"},{"name":"1022351","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022351"},{"name":"MS09-021","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"},{"name":"54954","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/54954"},{"name":"TA09-160A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-160A.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://secunia.com/secunia_research/2009-1/"},{"name":"oval:org.mitre.oval:def:11525","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-06-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"ADV-2009-1540","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1540"},{"name":"20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/504188/100/0/threaded"},{"name":"35242","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/35242"},{"name":"1022351","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022351"},{"name":"MS09-021","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"},{"name":"54954","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/54954"},{"name":"TA09-160A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-160A.html"},{"tags":["x_refsource_MISC"],"url":"http://secunia.com/secunia_research/2009-1/"},{"name":"oval:org.mitre.oval:def:11525","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2009-0558","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2009-1540","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/1540"},{"name":"20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/504188/100/0/threaded"},{"name":"35242","refsource":"BID","url":"http://www.securityfocus.com/bid/35242"},{"name":"1022351","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022351"},{"name":"MS09-021","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"},{"name":"54954","refsource":"OSVDB","url":"http://osvdb.org/54954"},{"name":"TA09-160A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA09-160A.html"},{"name":"http://secunia.com/secunia_research/2009-1/","refsource":"MISC","url":"http://secunia.com/secunia_research/2009-1/"},{"name":"oval:org.mitre.oval:def:11525","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2009-0558","datePublished":"2009-06-10T18:00:00.000Z","dateReserved":"2009-02-12T00:00:00.000Z","dateUpdated":"2024-08-07T04:40:04.026Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-06-10 18:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-94","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*","matchCriteriaId":"9409A9BD-1E9B-49B8-884F-8FE569D8AA25"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*","matchCriteriaId":"5BA91840-371C-4282-9F7F-B393F785D260"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*","matchCriteriaId":"79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*","matchCriteriaId":"34C5FEAD-4B4B-44EB-9F3A-05093347A2F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*","matchCriteriaId":"3382DE96-A3CD-4094-9828-2955472BBE2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*","matchCriteriaId":"806086B6-AB83-4008-A1A2-73BC35A95925"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"AD22DBA8-40B0-4197-9D56-38D5D9E1ED89"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*","matchCriteriaId":"297A9F48-13DF-4042-AC21-B8B764B217BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*","matchCriteriaId":"F03E302A-83DE-46FF-9044-09230841BD2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*","matchCriteriaId":"4A2613CE-C469-43AE-A590-87CE1FAADA8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"B18C291F-57C2-4328-8FCF-3C1A27B0D18D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*","matchCriteriaId":"E013CE59-0ABF-4542-A9E9-D295AA0FC2A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*","matchCriteriaId":"C0AEECDD-BBD0-4042-8A47-D66670A6DC6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*","matchCriteriaId":"91A3E58F-E2FE-4346-9083-58C963171A73"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*","matchCriteriaId":"6BE07062-6299-4371-BD74-BA7F7840DBA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*","matchCriteriaId":"3807A4E4-EB58-47B6-AD98-6ED464DEBA4E"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"558","Ordinal":"1","Title":"CVE-2009-0558","CVE":"CVE-2009-0558","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"558","Ordinal":"1","NoteData":"Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\"","Type":"Description","Title":"CVE-2009-0558"},{"CveYear":"2009","CveId":"558","Ordinal":"2","NoteData":"2009-06-10","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"558","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}