CVE-2009-0558

Published: Jun 10, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."

Affected (16)

Products: Microsoft: Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel, Office Excel Viewer, Office Sharepoint Server, Open Xml File Format Converter

6 products

Office Compatibility Pack For Word Excel Ppt 2007

Office Excel Viewer

Office Sharepoint Server

Open Xml File Format Converter

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2004
Microsoft Office	Version 2008
Microsoft Office	Version xp sp3
Microsoft Office Compatibility Pack For Word Excel Ppt 2007	All versions
Microsoft Office Compatibility Pack For Word Excel Ppt 2007	All versions
Microsoft Office Excel	Version 2000 sp3
Microsoft Office Excel	Version 2003 sp3
Microsoft Office Excel	Version 2007 sp1
Microsoft Office Excel	Version 2007 sp2
Microsoft Office Excel Viewer	All versions
Microsoft Office Excel Viewer	Version 2003 sp3
Microsoft Office Sharepoint Server	Version 2007 sp1
Microsoft Office Sharepoint Server	Version 2007 sp1
Microsoft Office Sharepoint Server	Version 2007 sp2
Microsoft Office Sharepoint Server	Version 2007 sp2
Microsoft Open Xml File Format Converter	All versions

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (18)

http://osvdb.org/54954

Source: secure@microsoft.com

http://secunia.com/secunia_research/2009-1/

Source: secure@microsoft.com

Vendor Advisory

http://www.securityfocus.com/archive/1/504188/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/35242

Source: secure@microsoft.com

http://www.securitytracker.com/id?1022351

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2009/1540

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525

Source: secure@microsoft.com

http://osvdb.org/54954

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/secunia_research/2009-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/504188/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35242

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1022351

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2009/1540

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.