CVE-2009-0238

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
microsoftexcel_viewer
*
microsoftoffice_excel_viewer
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blogs.zdnet.com/security/?p=2658
http://isc.sans.org/diary.html?storyid=5923
http://securitytracker.com/id?1021744
http://www.microsoft.com/technet/security/advisory/968272.mspx
http://www.securityfocus.com/bid/33870
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
http://www.vupen.com/english/advisories/2009/1023
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
https://exchange.xforce.ibmcloud.com/vulnerabilities/48875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968
http://blogs.zdnet.com/security/?p=2658
http://isc.sans.org/diary.html?storyid=5923
http://securitytracker.com/id?1021744
http://www.microsoft.com/technet/security/advisory/968272.mspx
http://www.securityfocus.com/bid/33870
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
http://www.vupen.com/english/advisories/2009/1023
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
https://exchange.xforce.ibmcloud.com/vulnerabilities/48875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968