Exploited
critical
9.3
CWE
94
Advisory Published
Updated

CVE-2009-0557: Microsoft Office Object Record Corruption Vulnerability

First published: Wed Jun 10 2009(Updated: )

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."

Credit: secure@microsoft.com secure@microsoft.com

Affected SoftwareAffected VersionHow to fix
Microsoft Office=2000-sp3
Microsoft Office=2003-sp3
Microsoft Office=2004
Microsoft Office=2007-sp1
Microsoft Office=2007-sp2
Microsoft Office=2008
Microsoft Office=xp-sp3
Microsoft Office Viewer
Microsoft Office Viewer=2003-sp3
Microsoft SharePoint Portal Server=2007-sp1
Microsoft SharePoint Portal Server=2007-sp2
Microsoft Office
Microsoft Office=2004
Microsoft Office=2008
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint=sp1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint=sp2
Microsoft Excel=2000-sp3
Microsoft Excel=2003-sp3
Microsoft Excel=2007-sp1
Microsoft Excel=2007-sp2
Microsoft Office Viewer
Microsoft SharePoint Portal Server=2007-sp1
Microsoft SharePoint Portal Server=2007-sp1
Microsoft SharePoint Portal Server=2007-sp2
Microsoft SharePoint Portal Server=2007-sp2
Microsoft Open XML File Format Converter

Remedy

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2009-0557?

    CVE-2009-0557 has been rated as critical due to the potential for remote code execution.

  • How do I fix CVE-2009-0557?

    To fix CVE-2009-0557, users should apply the latest security updates provided by Microsoft for the affected Office versions.

  • What software is affected by CVE-2009-0557?

    CVE-2009-0557 affects various versions of Microsoft Office including Office 2000 SP3, Office XP SP3, and Office 2003 SP3 among others.

  • What types of attacks exploit CVE-2009-0557?

    CVE-2009-0557 can be exploited through malicious Excel files that, when opened, can execute arbitrary code.

  • Is CVE-2009-0557 still a concern for users of outdated Office versions?

    Yes, users of outdated Office versions remain vulnerable to CVE-2009-0557 if they have not applied necessary patches or updates.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203