CVE-2009-3127

Published Nov 11, 2009

Last updated 6 years ago

Overview

Description: Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EB896B5-611E-4457-B438-C6CC937D63FF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F9109ED-34C9-45E0-9E8B-FC05054E0F73"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F703901F-AD7C-42E7-BBFA-529A8C510D83"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "273729C3-56BF-454A-8697-473094EA828F"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E8D1DDD-8996-43A3-9FC7-60539E09CFC4"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D65CAA23-16D8-4AE7-8BC4-F73B1C5F9C3B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References