CVE-2009-0557
HIGH KEV
Microsoft Office Excel - Remote Code Execution via Malformed Record Object
Title source: llm
Exploitation Summary
CVE-2009-0557 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.
Description
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
References (8)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0557
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1540
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022351
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/54953
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35241
Broken Link, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Scores
CVSS v3
7.8
EPSS
0.8637
EPSS Percentile
99.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-06-08
VulnCheck KEV
2022-06-08
InTheWild.io
2022-06-08
ENISA EUVD
EUVD-2009-0561
CWE
CWE-94
Status
published
Products (11)
microsoft/office
2000 sp3
microsoft/office
2003 sp3
microsoft/office
2004
microsoft/office
2007 sp1 (2 CPE variants)
microsoft/office
2008
microsoft/office
xp sp3
microsoft/office_compatibility_pack
2007 sp1 (2 CPE variants)
microsoft/office_excel_viewer
microsoft/office_excel_viewer
2003 sp3
microsoft/office_sharepoint_server
2007 sp1 (2 CPE variants)
... and 1 more
Published
Jun 10, 2009
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026