Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2009-0100

CVE information

Published

14 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

High

Impact Analysis

Description

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability.".

CVSSv2.0 Score

Severity
High
Base Score
9.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel
  Yes
- -
cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:office_excel:2003:sp3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:office_excel:2000:sp3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:office_excel:2002:sp3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:office_excel:2007:sp1:*:*:*:*:*:*
  Yes
- -