CVE-2009-1134

Published: Jun 10, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."

Affected (16)

Products: Microsoft: Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel, Office Excel Viewer, Office Sharepoint Server, Open Xml File Format Converter

6 products

Office Compatibility Pack For Word Excel Ppt 2007

Office Excel Viewer

Office Sharepoint Server

Open Xml File Format Converter

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2004
Microsoft Office	Version 2008
Microsoft Office	Version xp sp3
Microsoft Office Compatibility Pack For Word Excel Ppt 2007	All versions
Microsoft Office Compatibility Pack For Word Excel Ppt 2007	All versions
Microsoft Office Excel	Version 2000 sp3
Microsoft Office Excel	Version 2003 sp3
Microsoft Office Excel	Version 2007 sp1
Microsoft Office Excel	Version 2007 sp2
Microsoft Office Excel Viewer	All versions
Microsoft Office Excel Viewer	Version 2003 sp3
Microsoft Office Sharepoint Server	Version 2007 sp1
Microsoft Office Sharepoint Server	Version 2007 sp1
Microsoft Office Sharepoint Server	Version 2007 sp2
Microsoft Office Sharepoint Server	Version 2007 sp2
Microsoft Open Xml File Format Converter	All versions

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (18)

http://osvdb.org/54958

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/504213/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/35246

Source: secure@microsoft.com

http://www.securitytracker.com/id?1022351

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2009/1540

Source: secure@microsoft.com

http://www.zerodayinitiative.com/advisories/ZDI-09-040/

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922

Source: secure@microsoft.com

http://osvdb.org/54958

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/504213/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35246

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1022351

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2009/1540

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-09-040/

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.