CVE-2009-3132: Code Injection
First published: Wed Nov 11 2009(Updated: )
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Open XML File Format Converter | ||
| Microsoft Office | =2008 | |
| Microsoft Office | =2004 | |
| Microsoft Office Excel | =2007-sp2 | |
| Microsoft Office Excel Viewer | =sp2 | |
| Microsoft Office Excel | =2007-sp1 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007-sp2 | |
| Microsoft Office Excel Viewer | =2003-sp3 | |
| Microsoft Office Excel | =2002-sp3 | |
| Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | =2007-sp1 | |
| Microsoft Office Excel | =2003-sp3 | |
| Microsoft Office Excel Viewer | =sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-3132?
CVE-2009-3132 has a moderate severity level as it allows for potential remote code execution.
How do I fix CVE-2009-3132?
To resolve CVE-2009-3132, users should install the latest security updates for their affected Microsoft Office products.
Which versions of Microsoft Office are affected by CVE-2009-3132?
CVE-2009-3132 affects Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2, along with several versions of Office for Mac and the Excel Viewer.
What type of attack is associated with CVE-2009-3132?
CVE-2009-3132 is associated with remote code execution attacks that exploit vulnerabilities in Microsoft Office Excel.
Is there a patch available for CVE-2009-3132?
Yes, Microsoft has released patches to address CVE-2009-3132 which can be found in the official update channels.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft open xml file format converter
- canonical/microsoft office
- version/microsoft office/2008
- version/microsoft office/2004
- canonical/microsoft office excel
- version/microsoft office excel/2007-sp2
- canonical/microsoft office excel viewer
- version/microsoft office excel viewer/sp2
- version/microsoft office excel/2007-sp1
- canonical/microsoft office compatibility pack for word, excel, and powerpoint
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007-sp2
- version/microsoft office excel viewer/2003-sp3
- version/microsoft office excel/2002-sp3
- version/microsoft office compatibility pack for word, excel, and powerpoint/2007-sp1
- version/microsoft office excel/2003-sp3
- version/microsoft office excel viewer/sp1