Main Vulnerability Database Vulnerabilities #VU1367

Stack-based buffer overflow in Microsoft Excel and Microsoft Office - CVE-2009-0559

Published: December 16, 2016 / Updated: March 16, 2017

Vulnerability identifier: #VU1367

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2009-0559

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Excel
Microsoft Office

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow when parsing of the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing an overly long string copy, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

How to mitigate CVE-2009-0559

Install update from vendor's website:

Microsoft Office Excel 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office Excel 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
http://go.microsoft.com/fwlink/?LinkID=143568

Sources

https://technet.microsoft.com/en-us/library/security/ms09-021.aspx

Stack-based buffer overflow in Microsoft Excel and Microsoft Office - CVE-2009-0559

Detailed vulnerability description

How to mitigate CVE-2009-0559

Sources

Please verify you're human