Memory Corruption Vulnerability in Microsoft Office Excel Products
CVE-2009-3128

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel; Excel Viewer
Vendor: CVE Published:; 11 November 2009

Summary

A memory corruption vulnerability exists in Microsoft Office Excel 2002 SP3, Office Excel 2003 SP3, and Office Excel Viewer 2003 SP3. This flaw arises due to improper parsing of the Excel file format, which can be exploited by remote attackers. Specifically, attackers can leverage a specially crafted spreadsheet that contains a malformed record object to execute arbitrary code on the victim's machine when the affected application processes the malicious file. Users are advised to apply available patches and use caution when handling Excel documents from untrusted sources.

References

http://www.securitytracker.com/id?1023157

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA09-314A.html

third-party-advisoryx_refsource_CERT

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 11, 2009
Vulnerability Reserved
Sep 10, 2009