CVE-2009-0238
Description
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
57.177
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Microsoft Excel 2002 (KB959988) | Windows |
| Security Update for Microsoft Excel 2003 (KB959995) | Windows |
| Security Update for Microsoft Excel 2007 (KB959997) x86 based systems | Windows |
| Security Update for Microsoft Office Excel Viewer 2003 (KB959993) | Windows |
| Security Update for Microsoft Office Excel Viewer (KB960000) | Windows |
| Security Update for 2007 Microsoft Office System (KB960003) | Windows |
| Security Update for Microsoft Excel 2007 (KB959997) x86 based systems for SP1 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-6903 | Security Update for Microsoft Excel 2007 (KB959997) |
| PATCH-6905 | Security Update for Microsoft Office Excel Viewer (KB960000) |
| PATCH-6906 | Security Update for 2007 Microsoft Office System (KB960003) |
| PATCH-6907 | Security Update for Microsoft Excel 2007 (KB959997) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234