Microsoft Excel Remote Code Execution Vulnerabilities (968557) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-009.

Impact

Successful exploitation could allow execution of arbitrary code by tricking a user into opening a specially crafted Excel file. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-009.mspx

Insight

Flaws are due to Memory corruption error and an invalid object access when processing a malformed Excel document, which in cause a application crash.

Affected

Microsoft Office Excel 2K SP3 Microsoft Office Excel 2k2 SP3 Microsoft Office Excel 2k3 SP3 Microsoft Office Excel 2k7 SP1

References

http://www.microsoft.com/technet/security/bulletin/ms09-009.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0100, CVE-2009-0238
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Message Queuing Remote Code Execution Vulnerability (951071)
Microsoft DirectShow Remote Code Execution Vulnerability (2845187)
Cumulative Security Update for Internet Explorer (958215)
.NET JIT Compiler Vulnerability
Cumulative Security Update for Internet Explorer (950759)

Take action and discover your vulnerabilities