CVE-2009-0557
Published: 10 June 2009
Summary
CVE-2009-0557 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Microsoft Excel and related components across multiple versions of Microsoft Office, including Office 2000 SP3 through 2007 SP2, Office 2004 and 2008 for Mac, the Open XML File Format Converter for Mac, Excel Viewer 2003 SP3, Excel Viewer, and the Office Compatibility Pack SP1 and SP2, contain an object record corruption vulnerability. The flaw, tracked as CWE-94, is triggered when the application processes a specially crafted Excel file containing a malformed record object, which can lead to arbitrary code execution on the affected system.
An attacker can exploit the issue by supplying a malicious Excel document that a user opens locally, either directly or through an email attachment or web download. Successful exploitation grants the attacker the ability to execute arbitrary code with the privileges of the current user, potentially resulting in full control over confidentiality, integrity, and availability of the system.
Public advisories referenced in the CVE entry, such as the US-CERT Technical Alert TA09-160A and vendor bulletins from SecurityFocus, SecurityTracker, and VUPEN, direct administrators to apply the corresponding Microsoft security updates for the listed Office products and viewers.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2009-0561
Vulnerability details
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
- CWE(s)
- KEV Date Added: 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires applying vendor security updates to remediate the object-record parsing flaw before a crafted Excel file can be exploited.
Malicious-code protection mechanisms can block or detect the delivery of the specially crafted Excel file via email or download.
Integrity verification of software and files can identify unauthorized modification or corruption introduced by the malformed record object.