OpenCVE

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Compatibility Pack Word Excel Powerpoint Excel Excel Viewer Office Open Xml File Format Converter

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1::::::
	cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp2::::::
	cpe:2.3:a:microsoft:excel:2002:sp3::::::
	cpe:2.3:a:microsoft:excel:2003:sp3::::::
	cpe:2.3:a:microsoft:excel:2007:sp1::::::
	cpe:2.3:a:microsoft:excel:2007:sp2::::::
	cpe:2.3:a:microsoft:excel_viewer::sp1::::::*
	cpe:2.3:a:microsoft:excel_viewer::sp2::::::*
	cpe:2.3:a:microsoft:excel_viewer:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2004::mac:::::
	cpe:2.3:a:microsoft:office:2008::mac:::::
	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*

No data.

References

Link	Providers
http://www.securitytracker.com/id?1023157
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2009-11-11T20:00:00

Updated: 2024-08-07T06:14:56.411Z

Reserved: 2009-09-10T00:00:00

Link: CVE-2009-3133

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-11-11T20:30:00.280

Modified: 2024-11-21T01:06:37.600

Link: CVE-2009-3133

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to \"loading Excel records,\" aka \"Excel Document Parsing Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1023157", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023157"}, {"name": "oval:org.mitre.oval:def:6265", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265"}, {"name": "TA09-314A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"}, {"name": "MS09-067", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2009-3133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to \"loading Excel records,\" aka \"Excel Document Parsing Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1023157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023157"}, {"name": "oval:org.mitre.oval:def:6265", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265"}, {"name": "TA09-314A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"}, {"name": "MS09-067", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:14:56.411Z"}, "title": "CVE Program Container", "references": [{"name": "1023157", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1023157"}, {"name": "oval:org.mitre.oval:def:6265", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265"}, {"name": "TA09-314A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"}, {"name": "MS09-067", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2009-3133", "datePublished": "2009-11-11T20:00:00", "dateReserved": "2009-09-10T00:00:00", "dateUpdated": "2024-08-07T06:14:56.411Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "7EB896B5-611E-4457-B438-C6CC937D63FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "3F9109ED-34C9-45E0-9E8B-FC05054E0F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*", "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "8E8D1DDD-8996-43A3-9FC7-60539E09CFC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*", "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*", "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to \"loading Excel records,\" aka \"Excel Document Parsing Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office Excel v2002 SP3, Office v2004 y v2008 para Mac, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una hoja de c\u00e1lculo que contiene un objeto manipulado que lanza una corrupci\u00f3n de memoria, relacionado con \"carga de registros Excel,\" como \"vulnerabilidad de corrupci\u00f3n de memoria en el an\u00e1lisis de documentos Excel\"."}], "id": "CVE-2009-3133", "lastModified": "2024-11-21T01:06:37.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-11-11T20:30:00.280", "references": [{"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1023157"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1023157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}