Remote Code Execution Vulnerability in Microsoft Excel 2007 and Viewers
CVE-2009-1134

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Excel; Office Sharepoint Server
Vendor: CVE Published:; 10 June 2009

Summary

A vulnerability exists in Microsoft Excel 2007, the Excel Viewer, and the Office Compatibility Pack that allows attackers to execute arbitrary code. This issue arises from a flaw in handling BIFF files, specifically related to a malformed Qsir record. When a user opens a malicious BIFF file, it could lead to corruption in record pointers, putting the system at risk of unauthorized code execution. Affected users should take immediate action to secure their software environment against potential exploitation.

References

http://www.securityfocus.com/bid/35246

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/504213/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2009/1540

vdb-entryx_refsource_VUPEN

EPSS Score

61% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2009
Vulnerability Reserved
Mar 25, 2009