Description
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
References (9)
Core 9
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1540
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504188/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35242
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022351
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54954
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2009-1/
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525
Scores
EPSS
0.3107
EPSS Percentile
98.0%
Details
CWE
CWE-94
Status
published
Products (11)
microsoft/office
2004
microsoft/office
2008
microsoft/office
xp sp3
microsoft/office_compatibility_pack_for_word_excel_ppt_2007
(2 CPE variants)
microsoft/office_excel
2000 sp3
microsoft/office_excel
2003 sp3
microsoft/office_excel
2007 sp1 (2 CPE variants)
microsoft/office_excel_viewer
microsoft/office_excel_viewer
2003 sp3
microsoft/office_sharepoint_server
2007 sp1 (4 CPE variants)
... and 1 more
Published
Jun 10, 2009
Tracked Since
Feb 18, 2026