Record Pointer Corruption in Microsoft Excel and Office Products
CVE-2009-0549

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Excel; Office Sharepoint Server
Vendor: CVE Published:; 10 June 2009

Summary

This vulnerability in Microsoft Excel products allows remote attackers to execute arbitrary code by sending a specially crafted Excel file containing a malformed record object. A successful exploit could potentially give the attacker the same user rights as the local user, leading to unauthorized access and manipulation of data. The affected versions include various releases of Microsoft Office and the Office Excel Viewer, exposing users to significant risks when handling untrusted Excel files.

References

http://www.vupen.com/english/advisories/2009/1540

vdb-entryx_refsource_VUPEN

http://osvdb.org/54952

vdb-entryx_refsource_OSVDB

http://www.securitytracker.com/id?1022351

vdb-entryx_refsource_SECTRACK

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2009
Vulnerability Reserved
Feb 12, 2009