CVE-2009-3128

Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."

Published: Nov 11, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3128
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
microsoft / open_xml_file_format_converter	-	-
microsoft / office	2008	2008.x
microsoft / office	2004	2004.x
microsoft / excel	2007-sp2	2007-sp2.x
microsoft / excel_viewer	-	-
microsoft / excel	2007-sp1	2007-sp1.x
microsoft / compatibility_pack_word_excel_powerpoint	2007-sp2	2007-sp2.x
microsoft / excel_viewer	2003-sp3	2003-sp3.x
microsoft / excel	2002-sp3	2002-sp3.x
microsoft / compatibility_pack_word_excel_powerpoint	2007-sp1	2007-sp1.x
microsoft / excel	2003-sp3	2003-sp3.x

http://www.securitytracker.com/id?1023157
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6474

Vulnerability Database

289,599

CVE-2009-3128