Heap-based Buffer Overflow in Microsoft Office Excel and Open XML File Format Converter
CVE-2009-3130

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel; Excel Viewer
Vendor: CVE Published:; 11 November 2009

Summary

This vulnerability is a heap-based buffer overflow found in Microsoft Office Excel (specifically versions 2002 SP3, 2004, and 2008 for Mac) and the Open XML File Format Converter for Mac. Attackers can exploit this vulnerability through specially crafted spreadsheets containing malformed Binary File Format (BIFF) records, leading to memory corruption. Such exploitation can potentially allow remote attackers to execute arbitrary code on affected systems, posing significant risks to user data and system integrity.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securitytracker.com/id?1023157

vdb-entryx_refsource_SECTRACK

http://www.us-cert.gov/cas/techalerts/TA09-314A.html

third-party-advisoryx_refsource_CERT

EPSS Score

63% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 11, 2009
Vulnerability Reserved
Sep 10, 2009