CVE-2009-3127

2009-11-1119:30:00

CWE-94

[email protected]

web.nvd.nist.gov

microsoft office

excel

remote code execution

vulnerability

cve-2009-3127

security

office for mac

open xml file format converter

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.449 Medium

EPSS

Percentile

97.4%

JSON

Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Excel Cache Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:open_xml_file_format_convertermicrosoft open xml file format convertereq*
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2004
microsoft:excelmicrosoft exceleq2007
microsoft:excel_viewermicrosoft excel viewereq*
microsoft:compatibility_pack_word_excel_powerpointmicrosoft compatibility pack word excel powerpointeq2007
microsoft:excel_viewermicrosoft excel viewereq2003
microsoft:excelmicrosoft exceleq2002
microsoft:excelmicrosoft exceleq2003

CPE	Name	Operator	Version
microsoft:open_xml_file_format_converter	microsoft open xml file format converter	eq	*
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2004
microsoft:excel	microsoft excel	eq	2007
microsoft:excel_viewer	microsoft excel viewer	eq	*
microsoft:compatibility_pack_word_excel_powerpoint	microsoft compatibility pack word excel powerpoint	eq	2007
microsoft:excel_viewer	microsoft excel viewer	eq	2003
microsoft:excel	microsoft excel	eq	2002
microsoft:excel	microsoft excel	eq	2003