Microsoft Excel Remote Code Execution Vulnerabilities (968557) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-009.

Impact

Successful exploitation could allow execution of arbitrary code by tricking a user into opening a specially crafted Excel file. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-009.mspx

Insight

Flaws are due to Memory corruption error and an invalid object access when processing a malformed Excel document, which in cause a application crash.

Affected

Microsoft Office Excel 2K SP3 Microsoft Office Excel 2k2 SP3 Microsoft Office Excel 2k3 SP3 Microsoft Office Excel 2k7 SP1

References

http://www.microsoft.com/technet/security/bulletin/ms09-009.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0100, CVE-2009-0238

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Multiple Vulnerabilities (2916607)
Microsoft DirectShow Remote Code Execution Vulnerability (977935)
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
Microsoft GDI+ Remote Code Execution Vulnerability (2489979)

Take action and discover your vulnerabilities