Microsoft Excel Remote Code Execution Vulnerabilities (968557) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-009.

Impact

Successful exploitation could allow execution of arbitrary code by tricking a user into opening a specially crafted Excel file. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-009.mspx

Insight

Flaws are due to Memory corruption error and an invalid object access when processing a malformed Excel document, which in cause a application crash.

Affected

Microsoft Office Excel 2K SP3 Microsoft Office Excel 2k2 SP3 Microsoft Office Excel 2k3 SP3 Microsoft Office Excel 2k7 SP1

References

http://www.microsoft.com/technet/security/bulletin/ms09-009.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0100, CVE-2009-0238

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft IIS Security Bypass Vulnerability (970483)
Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
Cumulative Security Update for Internet Explorer (928090)
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)

Take action and discover your vulnerabilities