CVE-2009-0561

Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805
http://osvdb.org/54957
http://secunia.com/secunia_research/2009-12/	Vendor Advisory
http://www.securityfocus.com/archive/1/504190/100/0/threaded
http://www.securityfocus.com/bid/35245
http://www.securitytracker.com/id?1022351
http://www.us-cert.gov/cas/techalerts/TA09-160A.html	US Government Resource
http://www.vupen.com/english/advisories/2009/1540	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2004::mac:::::
	cpe:2.3:a:microsoft:office:2008::mac:::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::
	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1::::::*
	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2::::::*
	cpe:2.3:a:microsoft:office_excel:2000:sp3::::::
	cpe:2.3:a:microsoft:office_excel:2003:sp3::::::
	cpe:2.3:a:microsoft:office_excel:2007:sp1::::::
	cpe:2.3:a:microsoft:office_excel:2007:sp2::::::
	cpe:2.3:a:microsoft:office_excel_viewer::::::::
	cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3::::::
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:::::*
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:::::*
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:::::*
	cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:::::*
	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*

History

No history.

Information

Published : 2009-06-10 18:30

Updated : 2018-10-12 21:50

NVD link : CVE-2009-0561

Mitre link : CVE-2009-0561

CVE.ORG link : CVE-2009-0561

JSON object : View

Products Affected

microsoft

office
office_excel
office_sharepoint_server
office_excel_viewer
open_xml_file_format_converter
office_compatibility_pack_for_word_excel_ppt_2007

CWE

CWE-189

Numeric Errors

{"id": "CVE-2009-0561", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-06-10T18:30:00.280", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805", "source": "secure@microsoft.com"}, {"url": "http://osvdb.org/54957", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/secunia_research/2009-12/", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/504190/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/35245", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1022351", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1540", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka \"Record Integer Overflow Vulnerability.\""}, {"lang": "es", "value": "Un desbordamiento enteros en Excel en Office 2000 SP3, Office XP SP3, Office 2003 SP3 y Office 2004 y 2008 para Mac de Microsoft; Excel en 2007 Office System SP1 y SP2 de Microsoft; Open XML File Format Converter para Mac; Office Excel Viewer 2003 SP3 de Microsoft; Office Excel Viewer de Microsoft; Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft; y Office SharePoint Server 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de Excel con un registro de tabla de cadenas compartidas (SST) con un campo num\u00e9rico que especifica un n\u00famero no v\u00e1lido de cadenas \u00fanicas, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, tambi\u00e9n se conoce como \"Record Integer Overflow Vulnerability\"."}], "lastModified": "2018-10-12T21:50:41.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25"}, {"criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260"}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1"}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3382DE96-A3CD-4094-9828-2955472BBE2D"}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "806086B6-AB83-4008-A1A2-73BC35A95925"}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD22DBA8-40B0-4197-9D56-38D5D9E1ED89"}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "297A9F48-13DF-4042-AC21-B8B764B217BE"}, {"criteria": "cpe:2.3:a:microsoft:office_excel:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F03E302A-83DE-46FF-9044-09230841BD2A"}, {"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B"}, {"criteria": "cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B18C291F-57C2-4328-8FCF-3C1A27B0D18D"}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E013CE59-0ABF-4542-A9E9-D295AA0FC2A2"}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0AEECDD-BBD0-4042-8A47-D66670A6DC6E"}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91A3E58F-E2FE-4346-9083-58C963171A73"}, {"criteria": "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BE07062-6299-4371-BD74-BA7F7840DBA8"}, {"criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

9.3 /10