Release DateApr 17, 2009 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a memory-corruption vulnerabilityin Microsoft Excel. This vulnerability is caused by an error when the affected software handles a crafted XLS file with a malformed object. It allows a remote attacker to execute arbitrary code. |
Affected ProductsMicrosoft Office Excel 2000 Service Pack 3Microsoft Office Excel 2002 Service Pack 3 Microsoft Office Excel 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 |
Recommended ActionsApply the patch, available from the vendor's website:http://www.microsoft.com/technet/security/Bulletin/ms09-009.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-0100 |
Reference/shttp://www.microsoft.com/technet/security/Bulletin/ms09-009.mspx (MS-ID) |
