CVE-2009-0561

Name of the Vulnerable Software and Affected Versions Microsoft Office 2000 SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Open XML File Format Converter for Mac Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 Microsoft Office SharePoint Server 2007 SP1 Microsoft Office SharePoint Server 2007 SP2

Description The issue allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record containing a numeric field that specifies an invalid number of unique strings, triggering a heap-based buffer overflow. This could enable an attacker to take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office 2000 SP3, update to a newer version to mitigate the risk. For Microsoft Office XP SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2004 for Mac, update to a newer version to mitigate the risk. For Microsoft Office 2008 for Mac, update to a newer version to mitigate the risk. For 2007 Microsoft Office System SP1, update to a newer version to mitigate the risk. For 2007 Microsoft Office System SP2, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a newer version to mitigate the risk. For Microsoft Office SharePoint Server 2007 SP1, update to a newer version to mitigate the risk. For Microsoft Office SharePoint Server 2007 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of Excel files from untrusted sources until a patch is available.