CVE-2009-0557
HIGH KEVMicrosoft Office <2008 - RCE
Title source: llmDescription
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
References (8)
Scores
CVSS v3
7.8
EPSS
0.8637
EPSS Percentile
99.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-06-08
VulnCheck KEV
2022-06-08
InTheWild.io
2022-06-08
ENISA EUVD
EUVD-2009-0561
CWE
CWE-94
Status
published
Products (11)
microsoft/office
2000 sp3
microsoft/office
2003 sp3
microsoft/office
2004
microsoft/office
2007 sp1 (2 CPE variants)
microsoft/office
2008
microsoft/office
xp sp3
microsoft/office_compatibility_pack
2007 sp1 (2 CPE variants)
microsoft/office_excel_viewer
microsoft/office_excel_viewer
2003 sp3
microsoft/office_sharepoint_server
2007 sp1 (2 CPE variants)
... and 1 more
Published
Jun 10, 2009
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026