Multiple vulnerabilities in Microsoft Excel
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2009-1134 CVE-2009-0561 CVE-2009-0560 CVE-2009-0559 CVE-2009-0558 CVE-2009-0557 CVE-2009-0549 |
| CWE-ID | CWE-119 CWE-190 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #6 is being exploited in the wild. |
| Vulnerable software Subscribe |
Microsoft Excel Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications Excel Viewer Client/Desktop applications / Office applications Microsoft Excel for Mac Client/Desktop applications / Office applications Microsoft SharePoint Server Server applications / Application servers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU1371
Risk: Critical
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2009-1134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed record pointer, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: according to reports this vulnerability was being actively exploited before Microsoft issued security patch.
Install update from vendor's website:
Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
Microsoft Excel: 2007
Microsoft Office: 2007
External linkshttp://technet.microsoft.com/en-us/library/security/ms09-021.aspx
http://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Integer Overflow or Wraparound
EUVDB-ID: #VU1370
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-0561
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability alows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed object record, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
https://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
http://go.microsoft.com/fwlink/?LinkID=124653
Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
https://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
http://go.microsoft.com/fwlink/?LinkID=124653
Excel Viewer: 2003
Microsoft Excel: 2000 - 2007
Microsoft Excel for Mac: 2004 - 2008
Microsoft Office: 2000 - XP
Microsoft SharePoint Server: 2007
External linkshttp://technet.microsoft.com/en-us/library/security/ms09-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU1369
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-0560
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to field sanitization error when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed record object, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office: 2000 - XP
Microsoft Excel: 2000 - 2007
Excel Viewer: 2003
Microsoft Excel for Mac: 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms09-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU1367
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-0559
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing an overly long string copy, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Excel: 2000 - 2002
Microsoft Office: 2000 - XP
External linkshttp://technet.microsoft.com/en-us/library/security/ms09-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU1366
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-0558
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to array indexing error when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed object record, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Excel: 2004
Microsoft Excel for Mac: 2004 - 2008
External linkshttp://technet.microsoft.com/en-us/library/security/ms09-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU1362
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2009-0557
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel Viewer:
https://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
https://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office: 2000 - XP
Microsoft Excel: 2000 - 2007
Excel Viewer: 2003
External linkshttp://technet.microsoft.com/en-us/library/security/ms09-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
7) Buffer overflow
EUVDB-ID: #VU1359
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-0549
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2004:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office for Mac 2008:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Open XML File Converter for MAC:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Excel for Mac: 2004 - 2008
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Office: 2000 - XP
External linkshttp://technet.microsoft.com/en-us/library/security/ms09-021.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
