Multiple vulnerabilities in Microsoft Excel



Published: 2009-06-09 | Updated: 2016-12-16
Risk Critical
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2009-1134
CVE-2009-0561
CVE-2009-0560
CVE-2009-0559
CVE-2009-0558
CVE-2009-0557
CVE-2009-0549
CWE-ID CWE-119
CWE-190
CWE-121
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #6 is being exploited in the wild.
Vulnerable software
Subscribe
Microsoft Excel
Client/Desktop applications / Office applications

Microsoft Office
Client/Desktop applications / Office applications

Excel Viewer
Client/Desktop applications / Office applications

Microsoft Excel for Mac
Client/Desktop applications / Office applications

Microsoft SharePoint Server
Server applications / Application servers

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU1371

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2009-1134

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed record pointer, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: according to reports this vulnerability was being actively exploited before Microsoft issued security patch.

Mitigation

Install update from vendor's website:

Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2

Vulnerable software versions

Microsoft Excel: 2007

Microsoft Office: 2007


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-021.aspx
http://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Integer Overflow or Wraparound

EUVDB-ID: #VU1370

Risk: High

CVSSv3.1:

CVE-ID: CVE-2009-0561

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability alows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed object record, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
https://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
http://go.microsoft.com/fwlink/?LinkID=124653
Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
https://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
http://go.microsoft.com/fwlink/?LinkID=124653

Vulnerable software versions

Excel Viewer: 2003

Microsoft Excel: 2000 - 2007

Microsoft Excel for Mac: 2004 - 2008

Microsoft Office: 2000 - XP

Microsoft SharePoint Server: 2007


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-021.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Memory corruption

EUVDB-ID: #VU1369

Risk: High

CVSSv3.1:

CVE-ID: CVE-2009-0560

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to field sanitization error when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed record object, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
http://go.microsoft.com/fwlink/?LinkID=143568

Vulnerable software versions

Microsoft Office: 2000 - XP

Microsoft Excel: 2000 - 2007

Excel Viewer: 2003

Microsoft Excel for Mac: 2008


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-021.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Stack-based buffer overflow

EUVDB-ID: #VU1367

Risk: High

CVSSv3.1:

CVE-ID: CVE-2009-0559

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing an overly long string copy, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568

Vulnerable software versions

Microsoft Excel: 2000 - 2002

Microsoft Office: 2000 - XP


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-021.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Memory corruption

EUVDB-ID: #VU1366

Risk: High

CVSSv3.1:

CVE-ID: CVE-2009-0558

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to array indexing error when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed object record, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481

Vulnerable software versions

Microsoft Excel: 2004

Microsoft Excel for Mac: 2004 - 2008


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-021.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Buffer overflow

EUVDB-ID: #VU1362

Risk: High

CVSSv3.1:

CVE-ID: CVE-2009-0557

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
http://go.microsoft.com/fwlink/?LinkID=143568

Vulnerable software versions

Microsoft Office: 2000 - XP

Microsoft Excel: 2000 - 2007

Excel Viewer: 2003


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-021.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Buffer overflow

EUVDB-ID: #VU1359

Risk: High

CVSSv3.1:

CVE-ID: CVE-2009-0549

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568

Vulnerable software versions

Microsoft Excel for Mac: 2004 - 2008

Excel Viewer: 2003

Microsoft Excel: 2000 - 2003

Microsoft Office: 2000 - XP


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-021.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###