#VU1366 Memory corruption in Microsoft Excel and Microsoft Excel for macOS - CVE-2009-0558 

 

#VU1366 Memory corruption in Microsoft Excel and Microsoft Excel for macOS - CVE-2009-0558

Published: December 16, 2016 / Updated: January 9, 2017


Vulnerability identifier: #VU1366
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2009-0558
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Microsoft Excel
Microsoft Excel for macOS
Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to array indexing error when parsing the Excel spreadsheet file format. A remote attacker can create a specially crafted Excel file containing a malformed object record, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation


External links