CVE-2009-0557

Published: Jun 10, 2009Modified: Apr 22, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."

Affected (14)

Products: Microsoft: Office, Office Compatibility Pack, Office Excel Viewer, Office Sharepoint Server, Open Xml File Format Converter

5 products

Office Compatibility Pack

Office Excel Viewer

Office Sharepoint Server

Open Xml File Format Converter

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2000 sp3
Microsoft Office	Version 2003 sp3
Microsoft Office	Version 2004
Microsoft Office	Version 2007 sp1
Microsoft Office	Version 2007 sp2
Microsoft Office	Version 2008
Microsoft Office	Version xp sp3
Microsoft Office Compatibility Pack	Version 2007 sp1
Microsoft Office Compatibility Pack	Version 2007 sp2
Microsoft Office Excel Viewer	All versions
Microsoft Office Excel Viewer	Version 2003 sp3
Microsoft Office Sharepoint Server	Version 2007 sp1
Microsoft Office Sharepoint Server	Version 2007 sp2
Microsoft Open Xml File Format Converter	All versions

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (15)

http://osvdb.org/54953

Source: secure@microsoft.com

Broken Link

http://www.securityfocus.com/bid/35241

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022351

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2009/1540

Source: secure@microsoft.com

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021

Source: secure@microsoft.com

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564

Source: secure@microsoft.com

Broken Link

http://osvdb.org/54953

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/35241

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022351

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2009/1540

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0557

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.