Vulnerability-Lookup

CVE-2009-0238 (GCVE-0-2009-0238)

Vulnerability from cvelistv5 – Published: 2009-02-25 16:00 – Updated: 2026-04-15 03:58

CISA KEV

Summary

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

microsoft

References

URL

Tags

	http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1023	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/33870	vdb-entryx_refsource_BID
	http://www.symantec.com/business/security_respons…	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://isc.sans.org/diary.html?storyid=5923	x_refsource_MISC
	http://securitytracker.com/id?1021744	vdb-entryx_refsource_SECTRACK
	http://blogs.zdnet.com/security/?p=2658	x_refsource_MISC

Date Public ?

2009-02-24 00:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: defc1339-959e-42cc-98bb-9e2a5e3e11b5

Vulnerability ID: CVE-2009-0238

Status: Confirmed

Status Updated: 2026-04-14 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2026-04-14

Asserted: 2026-04-14

Scope

Notes: KEV entry: Microsoft Office Remote Code Execution | Affected: Microsoft / Office | Description: Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-04-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-94
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Office
Due Date	2026-04-28
Date Added	2026-04-14
Vendorproject	Microsoft
Vulnerabilityname	Microsoft Office Remote Code Execution
Knownransomwarecampaignuse	Unknown

References

CVE-2009-0238

Created: 2026-04-14 18:00 UTC | Updated: 2026-04-14 18:00 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
          },
          {
            "name": "ADV-2009-1023",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1023"
          },
          {
            "name": "ms-excel-unspecified-code-execution(48875)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
          },
          {
            "name": "TA09-104A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "name": "33870",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33870"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
          },
          {
            "name": "MS09-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
          },
          {
            "name": "oval:org.mitre.oval:def:5968",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=5923"
          },
          {
            "name": "1021744",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021744"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.zdnet.com/security/?p=2658"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2009-0238",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-04-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T03:58:09.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-14T00:00:00.000Z",
            "value": "CVE-2009-0238 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
        },
        {
          "name": "ADV-2009-1023",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1023"
        },
        {
          "name": "ms-excel-unspecified-code-execution(48875)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
        },
        {
          "name": "TA09-104A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
        },
        {
          "name": "33870",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33870"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
        },
        {
          "name": "MS09-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
        },
        {
          "name": "oval:org.mitre.oval:def:5968",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=5923"
        },
        {
          "name": "1021744",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021744"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.zdnet.com/security/?p=2658"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.microsoft.com/technet/security/advisory/968272.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
            },
            {
              "name": "ADV-2009-1023",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1023"
            },
            {
              "name": "ms-excel-unspecified-code-execution(48875)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "33870",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33870"
            },
            {
              "name": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99",
              "refsource": "MISC",
              "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
            },
            {
              "name": "MS09-009",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
            },
            {
              "name": "oval:org.mitre.oval:def:5968",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=5923",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=5923"
            },
            {
              "name": "1021744",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021744"
            },
            {
              "name": "http://blogs.zdnet.com/security/?p=2658",
              "refsource": "MISC",
              "url": "http://blogs.zdnet.com/security/?p=2658"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0238",
    "datePublished": "2009-02-25T16:00:00.000Z",
    "dateReserved": "2009-01-20T00:00:00.000Z",
    "dateUpdated": "2026-04-15T03:58:09.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2009-0238",
      "cwes": "[\"CWE-94\"]",
      "dateAdded": "2026-04-14",
      "dueDate": "2026-04-28",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238",
      "product": "Office",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Office Remote Code Execution"
    },
    "epss": {
      "cve": "CVE-2009-0238",
      "date": "2026-04-14",
      "epss": "0.57177",
      "percentile": "0.98148"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0238\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-02-25T16:30:00.343\",\"lastModified\":\"2026-04-14T18:16:39.080\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.\"},{\"lang\":\"es\",\"value\":\"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3 y 2007 SP1; Excel Viewer 2003 Gold y SP3; Excel Viewer; Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP1; y Excel de Microsoft Office 2004 y 2008 para Mac; permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento Excel manipulado que provoca un intento de acceso a un objeto no v\u00e1lido, tal y como se ha explotado libremente en Febrero 2009 por MDropper.XR.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"CE1A1218-8033-4F3C-B8D7-7D1D61A273E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"971EC323-267F-4DAF-BA3B-10A47A9F1ADA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"5BA91840-371C-4282-9F7F-B393F785D260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5C94F2C-786B-45E4-B80A-FC668D917014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"806086B6-AB83-4008-A1A2-73BC35A95925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD22DBA8-40B0-4197-9D56-38D5D9E1ED89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"297A9F48-13DF-4042-AC21-B8B764B217BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2613CE-C469-43AE-A590-87CE1FAADA8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel_viewer:2003:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2289060-BDF3-4F45-B256-FE3DBA8181E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B18C291F-57C2-4328-8FCF-3C1A27B0D18D\"}]}]}],\"references\":[{\"url\":\"http://blogs.zdnet.com/security/?p=2658\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://isc.sans.org/diary.html?storyid=5923\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://securitytracker.com/id?1021744\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.microsoft.com/technet/security/advisory/968272.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33870\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1023\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.zdnet.com/security/?p=2658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://isc.sans.org/diary.html?storyid=5923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1021744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.microsoft.com/technet/security/advisory/968272.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.microsoft.com/technet/security/advisory/968272.mspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1023\", \"name\": \"ADV-2009-1023\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875\", \"name\": \"ms-excel-unspecified-code-execution(48875)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\", \"name\": \"TA09-104A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/33870\", \"name\": \"33870\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\", \"name\": \"MS09-009\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968\", \"name\": \"oval:org.mitre.oval:def:5968\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://isc.sans.org/diary.html?storyid=5923\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://securitytracker.com/id?1021744\", \"name\": \"1021744\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://blogs.zdnet.com/security/?p=2658\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T04:24:18.463Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2009-0238\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-14T17:46:07.269630Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-04-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T13:23:07.222Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-14T00:00:00.000Z\", \"value\": \"CVE-2009-0238 added to CISA KEV\"}]}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2009-02-24T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.microsoft.com/technet/security/advisory/968272.mspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1023\", \"name\": \"ADV-2009-1023\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875\", \"name\": \"ms-excel-unspecified-code-execution(48875)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\", \"name\": \"TA09-104A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://www.securityfocus.com/bid/33870\", \"name\": \"33870\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\", \"name\": \"MS09-009\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968\", \"name\": \"oval:org.mitre.oval:def:5968\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://isc.sans.org/diary.html?storyid=5923\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://securitytracker.com/id?1021744\", \"name\": \"1021744\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://blogs.zdnet.com/security/?p=2658\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.microsoft.com/technet/security/advisory/968272.mspx\", \"name\": \"http://www.microsoft.com/technet/security/advisory/968272.mspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1023\", \"name\": \"ADV-2009-1023\", \"refsource\": \"VUPEN\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875\", \"name\": \"ms-excel-unspecified-code-execution(48875)\", \"refsource\": \"XF\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\", \"name\": \"TA09-104A\", \"refsource\": \"CERT\"}, {\"url\": \"http://www.securityfocus.com/bid/33870\", \"name\": \"33870\", \"refsource\": \"BID\"}, {\"url\": \"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99\", \"name\": \"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99\", \"refsource\": \"MISC\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009\", \"name\": \"MS09-009\", \"refsource\": \"MS\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968\", \"name\": \"oval:org.mitre.oval:def:5968\", \"refsource\": \"OVAL\"}, {\"url\": \"http://isc.sans.org/diary.html?storyid=5923\", \"name\": \"http://isc.sans.org/diary.html?storyid=5923\", \"refsource\": \"MISC\"}, {\"url\": \"http://securitytracker.com/id?1021744\", \"name\": \"1021744\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://blogs.zdnet.com/security/?p=2658\", \"name\": \"http://blogs.zdnet.com/security/?p=2658\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2009-0238\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2009-0238\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-15T03:58:09.636Z\", \"dateReserved\": \"2009-01-20T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2009-02-25T16:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTA-2009-AVI-147

Vulnerability from certfr_avis - Published: 2009-04-15 - Updated: 2009-04-15

Une vulnérabilité a été identifiée dans Microsoft Excel. L'exploitation de cette vulnérabilité permet à une personne malveillante d'exécuter du code arbitraire à distance par le biais d'un document spécialement construit.

Description

Une vulnérabilité a été identifiée dans l'application bureautique Microsoft Excel.

Cette vulnérabilité est due à la mauvaise interprétation de certains objets des documents XLS, provoquant ainsi une corruption de mémoire. L'exploitation de cette vulnérabilité permet à une personne malintentionnée d'exécuter du code arbitraire via un document XLS spécialement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Excel 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office Excel Viewer ;
Microsoft	Office	Microsoft Office Excel 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;
Microsoft	Office	Microsoft Office Excel 2002 Service Pack 3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité MS09-009 du 14 avril 2009	None	vendor-advisory
Alerte du CERTA numéro CERTA-2009-ALE-002 du 25 février 2009 :	-	other
Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009 :	-	other
Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Excel 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027application bureautique\nMicrosoft Excel.\n\nCette vuln\u00e9rabilit\u00e9 est due \u00e0 la mauvaise interpr\u00e9tation de certains\nobjets des documents XLS, provoquant ainsi une corruption de m\u00e9moire.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire via un document XLS\nsp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0238"
    },
    {
      "name": "CVE-2009-0100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0100"
    }
  ],
  "initial_release_date": "2009-04-15T00:00:00",
  "last_revision_date": "2009-04-15T00:00:00",
  "links": [
    {
      "title": "Alerte du CERTA num\u00e9ro CERTA-2009-ALE-002 du 25 f\u00e9vrier    2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-002/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-009.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nExcel\u003c/span\u003e. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le\nbiais d\u0027un document sp\u00e9cialement construit.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS09-009 du 14 avril 2009",
      "url": null
    }
  ]
}

GSD-2009-0238

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0238

Aliases

CVE-2009-0238

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0238",
    "description": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.",
    "id": "GSD-2009-0238"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0238"
      ],
      "details": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.",
      "id": "GSD-2009-0238",
      "modified": "2023-12-13T01:19:43.707027Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-0238",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.microsoft.com/technet/security/advisory/968272.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
          },
          {
            "name": "ADV-2009-1023",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1023"
          },
          {
            "name": "ms-excel-unspecified-code-execution(48875)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
          },
          {
            "name": "TA09-104A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "name": "33870",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33870"
          },
          {
            "name": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99",
            "refsource": "MISC",
            "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
          },
          {
            "name": "MS09-009",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
          },
          {
            "name": "oval:org.mitre.oval:def:5968",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
          },
          {
            "name": "http://isc.sans.org/diary.html?storyid=5923",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.html?storyid=5923"
          },
          {
            "name": "1021744",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021744"
          },
          {
            "name": "http://blogs.zdnet.com/security/?p=2658",
            "refsource": "MISC",
            "url": "http://blogs.zdnet.com/security/?p=2658"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_excel_viewer:2003:gold:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0238"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.microsoft.com/technet/security/advisory/968272.mspx",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
            },
            {
              "name": "33870",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33870"
            },
            {
              "name": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=5923",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.org/diary.html?storyid=5923"
            },
            {
              "name": "1021744",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021744"
            },
            {
              "name": "http://blogs.zdnet.com/security/?p=2658",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.zdnet.com/security/?p=2658"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "ADV-2009-1023",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1023"
            },
            {
              "name": "ms-excel-unspecified-code-execution(48875)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
            },
            {
              "name": "oval:org.mitre.oval:def:5968",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
            },
            {
              "name": "MS09-009",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:50Z",
      "publishedDate": "2009-02-25T16:30Z"
    }
  }
}

CERTA-2009-ALE-002

Vulnerability from certfr_alerte - Published: 2009-02-25 - Updated: 2009-04-15

Une vulnérabilité a été identifiée sur Microsoft Excel. L'exploitation de cette dernière par le biais d'un document spécialement conçu permet à une personne malveillante d'exécuter du code arbitraire à distance sur un poste ayant une version vulnérable de l'application.

Description

Une vulnérabilité a été identifiée sur l'application bureautique Microsoft Excel.

L'exploitation de cette vulnérabilité par le biais d'un document XLS spécialement conçu permet à une personne malveillante d'exécuter du code arbitraire à distance sur un poste ayant une version vulnérable de l'application.

Contournement provisoire

Dans l'attente d'un correctif, plusieurs mesures permettent de réduire l'impact de l'exploitation de cette vulnérabilité :

travailler avec un compte utilisateur aux droits restreints (principe du moindre privilège) ;
utiliser l'outil de conversion MOICE (Microsoft Office Isolated Conversion Environment) pour convertir tout fichier XLS en XSLX avant son ouverture ;
activer la mesure (très restrictive) FileBlock, imposant l'ouverture unique des fichiers au nouveau format XML. Les détails pratiques se trouvent dans l'avis de sécurité Microsoft ;
utiliser un logiciel alternatif (visualisateur, tableur ou suite bureautique) ;
n'ouvrir que des documents issus de sources de confiance ;
être circonspect à l'égard des pièces jointes de courriels et des documents téléchargés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Excel 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office 2008 pour Mac.
Microsoft	Office	Microsoft Office Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office Excel Viewer ;
Microsoft	Office	Microsoft Office Excel 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;
Microsoft	Office	Microsoft Office Excel Viewer 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office Excel 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;
Microsoft	Office	Microsoft Office Excel 2002 Service Pack 3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-009 du 14 avril 2009	None	vendor-advisory
Avis de sécurité Microsoft 968272 du 24 février 2009	None	vendor-advisory
Article du bloc-notes MSRC correspondant :	-	other
Article du bloc-notes SWI correspondant :	-	other
Référence CVE CVE-2009-0238 :	-	other
Avis du CERTA numéro CERTA-2009-AVI-147 du 15 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Excel 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack pour Word, Excel et Powerpoint 2007, Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel Viewer 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-04-15",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e sur l\u0027application bureautique\nMicrosoft Excel.\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 par le biais d\u0027un document XLS\nsp\u00e9cialement con\u00e7u permet \u00e0 une personne malveillante d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance sur un poste ayant une version vuln\u00e9rable de\nl\u0027application.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif, plusieurs mesures permettent de r\u00e9duire\nl\u0027impact de l\u0027exploitation de cette vuln\u00e9rabilit\u00e9\u00a0:\n\n-   travailler avec un compte utilisateur aux droits restreints\n    (principe du moindre privil\u00e8ge)\u00a0;\n-   utiliser l\u0027outil de conversion MOICE (Microsoft Office Isolated\n    Conversion Environment) pour convertir tout fichier XLS en XSLX\n    avant son ouverture\u00a0;\n-   activer la mesure (tr\u00e8s restrictive) FileBlock, imposant l\u0027ouverture\n    unique des fichiers au nouveau format XML. Les d\u00e9tails pratiques se\n    trouvent dans l\u0027avis de s\u00e9curit\u00e9 Microsoft\u00a0;\n-   utiliser un logiciel alternatif (visualisateur, tableur ou suite\n    bureautique)\u00a0;\n-   n\u0027ouvrir que des documents issus de sources de confiance\u00a0;\n-   \u00eatre circonspect \u00e0 l\u0027\u00e9gard des pi\u00e8ces jointes de courriels et des\n    documents t\u00e9l\u00e9charg\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0100"
    },
    {
      "name": "CVE-2009-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0238"
    }
  ],
  "initial_release_date": "2009-02-25T00:00:00",
  "last_revision_date": "2009-04-15T00:00:00",
  "links": [
    {
      "title": "Article du bloc-notes MSRC correspondant :",
      "url": "http://blogs.technet.com/msrc/archive/2009/02/24/microsoft-security-advisory-968272.aspx"
    },
    {
      "title": "Article du bloc-notes SWI correspondant :",
      "url": "http://blogs.technet.com/swi/archive/2009/02/24/more-information-about-the-new-excel-vulnerability.aspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0238 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0238"
    },
    {
      "title": "Avis du CERTA num\u00e9ro CERTA-2009-AVI-147 du 15 avril 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-002/index.html"
    }
  ],
  "reference": "CERTA-2009-ALE-002",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-25T00:00:00.000000"
    },
    {
      "description": "ajout du lien vers le correctif.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e sur Microsoft Excel. L\u0027exploitation\nde cette derni\u00e8re par le biais d\u0027un document sp\u00e9cialement con\u00e7u permet \u00e0\nune personne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur\nun poste ayant une version vuln\u00e9rable de l\u0027application.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-009 du 14 avril 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-009.mspx"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 968272 du 24 f\u00e9vrier 2009",
      "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
    }
  ]
}

GHSA-QW7J-W352-G8M7

Vulnerability from github – Published: 2022-05-02 03:13 – Updated: 2026-04-14 18:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-25T16:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.",
  "id": "GHSA-qw7j-w352-g8m7",
  "modified": "2026-04-14T18:30:24Z",
  "published": "2022-05-02T03:13:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0238"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238"
    },
    {
      "type": "WEB",
      "url": "http://blogs.zdnet.com/security/?p=2658"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?storyid=5923"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021744"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33870"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2009-0238

Vulnerability from fkie_nvd - Published: 2009-02-25 16:30 - Updated: 2026-04-14 18:16

CISA KEV

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.zdnet.com/security/?p=2658
secure@microsoft.com	http://isc.sans.org/diary.html?storyid=5923
secure@microsoft.com	http://securitytracker.com/id?1021744
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/968272.mspx	Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/33870
secure@microsoft.com	http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1023
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/48875
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968
af854a3a-2127-422b-91ae-364da2661108	http://blogs.zdnet.com/security/?p=2658
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=5923
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021744
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/968272.mspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33870
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1023
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48875
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238

Impacted products

Vendor	Product	Version
microsoft	excel	2004
microsoft	excel_viewer	*
microsoft	office	2008
microsoft	office_compatibility_pack	2007
microsoft	office_excel	2000
microsoft	office_excel	2002
microsoft	office_excel	2003
microsoft	office_excel	2007
microsoft	office_excel_viewer	*
microsoft	office_excel_viewer	2003
microsoft	office_excel_viewer	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "971EC323-267F-4DAF-BA3B-10A47A9F1ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ECDF1C1D-EF63-4A3E-AEE2-2D2D9FDBF368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D2289060-BDF3-4F45-B256-FE3DBA8181E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC."
    },
    {
      "lang": "es",
      "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3 y 2007 SP1; Excel Viewer 2003 Gold y SP3; Excel Viewer; Compatibility Pack para Word, Excel y PowerPoint 2007 File Formats SP1; y Excel de Microsoft Office 2004 y 2008 para Mac; permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento Excel manipulado que provoca un intento de acceso a un objeto no v\u00e1lido, tal y como se ha explotado libremente en Febrero 2009 por MDropper.XR."
    }
  ],
  "id": "CVE-2009-0238",
  "lastModified": "2026-04-14T18:16:39.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2009-02-25T16:30:00.343",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.zdnet.com/security/?p=2658"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://isc.sans.org/diary.html?storyid=5923"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1021744"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/33870"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.zdnet.com/security/?p=2658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=5923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/968272.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0238 (GCVE-0-2009-0238)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

CERTA-2009-AVI-147

Description

Solution

GSD-2009-0238

CERTA-2009-ALE-002

Description

Contournement provisoire

Solution

GHSA-QW7J-W352-G8M7

FKIE_CVE-2009-0238

Tags

Sightings

Nomenclature