Excel Remote Code Execution Vulnerability in Microsoft Products
CVE-2009-3131

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Excel; Excel Viewer
Vendor: CVE Published:; 11 November 2009

Summary

This vulnerability in Microsoft Excel allows attackers to exploit a crafted spreadsheet containing malicious formulas. Upon opening the affected file, the attacker can execute arbitrary code on the victim's machine, potentially gaining unauthorized access to sensitive data or executing harmful operations. This risk spans multiple versions of Microsoft Office, emphasizing the need for users and organizations to apply security updates promptly and exercise caution when handling Excel documents from untrusted sources.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securitytracker.com/id?1023157

vdb-entryx_refsource_SECTRACK

http://www.us-cert.gov/cas/techalerts/TA09-314A.html

third-party-advisoryx_refsource_CERT

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 11, 2009
Vulnerability Reserved
Sep 10, 2009