Multiple vulnerabilities in Microsoft Office

Published: 2009-11-10 | Updated: 2017-03-21

Risk	High
Patch available	YES
Number of vulnerabilities	8
CVE-ID	CVE-2009-3127 CVE-2009-3128 CVE-2009-3129 CVE-2009-3130 CVE-2009-3131 CVE-2009-3132 CVE-2009-3133 CVE-2009-3134
CWE-ID	CWE-119 CWE-122
Exploitation vector	Network
Public exploit	Vulnerability #3 is being exploited in the wild.
Vulnerable software Subscribe	Excel Viewer Client/Desktop applications / Office applications Microsoft Excel Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications
Vendor	Microsoft

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU6139

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3127

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted .xls file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Excel Viewer: 2003

Microsoft Excel: 2002 - 2003

Microsoft Office for Mac: 2004 - 2008

Microsoft Office: 2002 - 2003

CPE2.3

cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU6140

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3128

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted .xls file containing a malformed record object, trick the victim into opening it, trigger SxView memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Excel Viewer: 2003

Microsoft Excel: 2002 - 2003

Microsoft Office: 2002 - 2003

CPE2.3

cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU6141

Risk: High

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2009-3129

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted .xls file containing a malformed record object, trick the victim into opening it, trigger Featheader record memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Excel Viewer: 2003

Microsoft Excel: 2002 - 2007

Microsoft Office for Mac: 2004 - 2008

Microsoft Office: 2002 - 2007

CPE2.3

cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Heap-based buffer overflow

EUVDB-ID: #VU6143

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3130

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted .xls file containing malformed Binary File Format (BIFF) records, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Excel: 2002

Microsoft Office for Mac: 2004 - 2008

Microsoft Office: 2002

CPE2.3

cpe:2.3:a:microsoft:microsoft_excel:2002:*:*:*:*:microsoft_office:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

EUVDB-ID: #VU6144

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3131

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted .xls file containing a malformed formula embedded inside a cell, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Excel Viewer: 2003

Microsoft Excel: 2002 - 2007

Microsoft Office for Mac: 2004 - 2008

Microsoft Office: 2002 - 2007

CPE2.3

cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

EUVDB-ID: #VU6147

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3132

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to pointer corruption error when loading Excel formulas. A remote attacker can create a specially crafted .xls file containing a malformed formula, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Excel Viewer: 2003

Microsoft Excel: 2002 - 2007

Microsoft Office for Mac: 2004 - 2008

Microsoft Office: 2002 - 2007

CPE2.3

cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU6148

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3133

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when loading Excel records. A remote attacker can create a specially crafted .xls file containing a malformed object, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Excel: 2002

Microsoft Office for Mac: 2004 - 2008

Microsoft Office: 2002

CPE2.3

cpe:2.3:a:microsoft:microsoft_excel:2002:*:*:*:*:microsoft_office:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory corruption

EUVDB-ID: #VU6149

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3134

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted .xls file containing a malformed record object, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Excel Viewer: 2003

Microsoft Excel: 2002 - 2007

Microsoft Office for Mac: 2004 - 2008

Microsoft Office: 2002 - 2007

CPE2.3

cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Full software list in CPE2.3 format available after registration.

External links

http://technet.microsoft.com/en-us/library/security/ms09-067.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.