9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.649 Medium
EPSS
Percentile
97.6%
Added: 04/23/2009
CVE: CVE-2009-0238
BID: 33870
OSVDB: 52695
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.
A vulnerability in Microsoft Excel allows command execution when a user opens a spreadsheet containing a specially crafted SST record with an odd byte count in the ExtRst structure.
Apply the patch referenced in Microsoft Security Bulletin 09-009.
<http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx>
Exploit works on Microsoft Excel 2007 SP1 and requires a user to open the exploit file in Microsoft Excel.
Windows XP