CVE-2009-0557
high-risk
Published 2009-06-10
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
Do I need to act?
!
86.4% chance of exploitation in next 30 days
EPSS score — higher than 14% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (14)
Affected Vendors
References (15)
Broken Link
http://osvdb.org/54953
Broken Link
http://www.securityfocus.com/bid/35241
Broken Link
http://www.securitytracker.com/id?1022351
Broken Link
http://osvdb.org/54953
Broken Link
http://www.securityfocus.com/bid/35241
Broken Link
http://www.securitytracker.com/id?1022351
69
/ 100
high-risk
Severity
24/34 · High
Exploitability
27/34 · High
Exposure
18/34 · Moderate