Integer Overflow Vulnerability in Microsoft Excel Products
CVE-2009-0561

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Excel; Office Sharepoint Server
Vendor: CVE Published:; 10 June 2009

Summary

An integer overflow vulnerability exists in Microsoft Excel that allows remote attackers to execute arbitrary code. By crafting an Excel file containing a Shared String Table (SST) record with a numeric field that specifies an invalid count of unique strings, an attacker can trigger a heap-based buffer overflow, potentially compromising the system when the file is opened.

References

http://www.vupen.com/english/advisories/2009/1540

vdb-entryx_refsource_VUPEN

http://secunia.com/secunia_research/2009-12/

x_refsource_MISC

http://www.securityfocus.com/archive/1/504190/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2009
Vulnerability Reserved
Feb 12, 2009