CVE-2009-0100
First published: Wed Apr 15 2009(Updated: )
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =2008 | |
| Microsoft Office | =2004 | |
| Microsoft Office Viewer | ||
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =sp1 | |
| Microsoft Office Viewer | =2003-sp3 | |
| Microsoft Office Excel | =2003-sp3 | |
| Microsoft Office Excel | =2000-sp3 | |
| Microsoft Office Excel | =2002-sp3 | |
| Microsoft Office Excel | =2007-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1022039
- http://www.us-cert.gov/cas/techalerts/TA09-104A.html
- http://osvdb.org/53665
- http://www.vupen.com/english/advisories/2009/1023
- http://www.fortiguardcenter.com/advisory/FGA-2009-16.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043
- http://www.securityfocus.com/archive/1/502696/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
Frequently Asked Questions
What is the severity of CVE-2009-0100?
CVE-2009-0100 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2009-0100?
To fix CVE-2009-0100, users should apply the latest security updates from Microsoft for the affected versions of Excel.
Which versions are affected by CVE-2009-0100?
CVE-2009-0100 affects Microsoft Office Excel 2000, 2002, 2003, 2007, as well as Excel for Mac 2004 and 2008.
What could happen if I am affected by CVE-2009-0100?
If affected by CVE-2009-0100, an attacker could exploit the vulnerability to execute arbitrary code on the user's system.
Is Microsoft Office Excel Viewer impacted by CVE-2009-0100?
Yes, Microsoft Office Excel Viewer 2003 is also impacted by CVE-2009-0100.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/description
- agent/author
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/2008
- version/microsoft office/2004
- canonical/microsoft office viewer
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/sp1
- version/microsoft office viewer/2003-sp3
- canonical/microsoft office excel
- version/microsoft office excel/2003-sp3
- version/microsoft office excel/2000-sp3
- version/microsoft office excel/2002-sp3
- version/microsoft office excel/2007-sp1