Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:2E09A3921D6DE8DCBF60E386A5490C8C
HistoryApr 23, 2009 - 12:00 a.m.

Microsoft Excel SST record code execution

2009-04-2300:00:00
SAINT Corporation
download.saintcorporation.com
25

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.649 Medium

EPSS

Percentile

97.6%

JSON

Added: 04/23/2009
CVE: CVE-2009-0238
BID: 33870
OSVDB: 52695

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A vulnerability in Microsoft Excel allows command execution when a user opens a spreadsheet containing a specially crafted SST record with an odd byte count in the ExtRst structure.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-009.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx&gt;

Limitations

Exploit works on Microsoft Excel 2007 SP1 and requires a user to open the exploit file in Microsoft Excel.

Platforms

Windows XP

Related

cvelist 1
prion 1
saint 3
cve 1
securityvulns 2
openvas 2
checkpoint_advisories 2
nessus 2
threatpost 1
cvelist
cvelist
CVE-2009-0238
2009-02-25 16:00:00
prion
prion
Code injection
2009-02-25 16:30:00
saint
saint
Microsoft Excel SST record code execution
2009-04-23 00:00:00
Microsoft Excel SST record code execution
2009-04-23 00:00:00
Microsoft Excel SST record code execution
2009-04-23 00:00:00
cve
cve
CVE-2009-0238
2009-02-25 16:30:00
securityvulns
securityvulns
Microsoft Excel multiple memory corruptions
2009-04-16 00:00:00
Microsoft Security Bulletin MS09-009 - Critical Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution &#40;968557&#41;
2009-04-14 00:00:00
openvas
openvas
Microsoft Excel Remote Code Execution Vulnerabilities (968557)
2009-03-18 00:00:00
Microsoft Excel Remote Code Execution Vulnerabilities (968557)
2009-03-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Rich Text Handling Code Execution (MS08-014; CVE-2008-0116; CVE-2009-0238)
2008-03-13 00:00:00
Microsoft Excel Rich Text Handling Code Execution (MS08-014; CVE-2008-0116; CVE-2009-0238)
2008-03-13 00:00:00
nessus
nessus
MS09-009: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
2009-04-15 00:00:00
MS09-009: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) (Mac OS X)
2010-10-20 00:00:00
threatpost
threatpost
Microsoft plugs gaping holes in IE, Excel, Windows
2009-04-14 17:56:32

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.649 Medium

EPSS

Percentile

97.6%

JSON
Related for SAINT:2E09A3921D6DE8DCBF60E386A5490C8C
cvelist1prion1saint3cve1securityvulns2openvas2checkpoint_advisories2nessus2threatpost1