PT-2009-3208 · Microsoft · Office Xp+2

Published

2009-06-10

Updated

2018-10-12

CVE-2009-0559

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions in Microsoft Office 2000 SP3 and Office XP SP3

Description A remote code execution issue exists in Microsoft Office Excel, allowing attackers to execute arbitrary code via a crafted Excel file with a malformed record object. If successfully exploited, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office 2000 SP3 and Office XP SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2009-0559

Affected Products

Office 2000

Office Excel

Office Xp

PT-2009-3208 · Microsoft · Office Xp+2

CVE-2009-0559

Weakness Enumeration

Related Identifiers

Affected Products

References · 9