Content
(MS09-021) Microsoft Office Excel Record Pointer Corruption Vulnerability II (969462)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Maliciously Crafted File
- Rating
- Low
- CVE reference
- CVE-2009-1134,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Excel 2007 SP1,
- Excel 2007 SP2,
- Excel Viewer 2003 SP3,
- Office Compatibility Pack Word,Excel,Powerpoint 2007 SP2,
- Summary
- A vulnerability in Microsoft Office Excel may allow for remote code execution attacks.
Tab Navigation
Description
A vulnerability in Microsoft Office Excel may allow for remote code execution attacks. The flaw is specific to the processing of Excel files which contain malformed record objects. Exploitation can be achieved via a specially-crafted Excel file.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-021) Microsoft Office Excel Record Pointer Corruption Vulnerability II (969462)
- Signature identifier:
- 6759
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft Office Excel Record Pointer Corruption Vulnerability II
- Signature identifier:
- 0x40260500
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx
All Information
Timeline -
6/9/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Office Excel may allow for remote code execution attacks. The flaw is specific to the processing of Excel files which contain malformed record objects. Exploitation can be achieved via a specially-crafted Excel file.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-021) Microsoft Office Excel Record Pointer Corruption Vulnerability II (969462)
- Signature identifier:
- 6759
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft Office Excel Record Pointer Corruption Vulnerability II
- Signature identifier:
- 0x40260500
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Additional Resources -
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx
