CVE-2009-3133
https://notcve.org/view.php?id=CVE-2009-3133
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability." Microsoft Office Excel v2002 SP3, Office v2004 y v2008 para Mac, y Open XML File Format Converter para Mac permite a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo que contiene un objeto manipulado que lanza una corrupción de memoria, relacionado con "carga de registros Excel," como "vulnerabilidad de corrupción de memoria en el análisis de documentos Excel". • http://www.securitytracker.com/id?1023157 http://www.us-cert.gov/cas/techalerts/TA09-314A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3134
https://notcve.org/view.php?id=CVE-2009-3134
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability." Microsoft Office Excel 2002 SP3, v2003 SP3, y v2007 SP1 y SP2; Office v2004 y v2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer v2003 SP3; Office Excel Viewer SP1 y SP2; y Office Compatibility Pack para Word, Excel, y PowerPoint v2007 File Formats SP1 y SP2 no analiza adecuadamente el formato de archivo Excel, permitiendo a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo con un objeto manipulada como "Vulnerabilidad en la limpieza de campo Excel". • http://www.securitytracker.com/id?1023157 http://www.us-cert.gov/cas/techalerts/TA09-314A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5878 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3128
https://notcve.org/view.php?id=CVE-2009-3128
Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability." Microsoft Office Excel v2002 SP3 y v2003 SP3, y Office Excel Viewer v2003 SP3, no analiza adecuadamente el formato de archivo Excel, permitiendo a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo con un objeto manipulado, como "vulnerabilidad de corrupción de memoria SxView en Excel". • http://www.securitytracker.com/id?1023157 http://www.us-cert.gov/cas/techalerts/TA09-314A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6474 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3127 – Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3127
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability." Microsoft Office Excel v2002 SP3 y v2003 SP3, Office v2004 y 2008 para Mac, Open XML File Format Converter para Mac, y Office Excel Viewer v2003 SP3 no analiza adecuadamente el formato de archivo Excel, lo que permite a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo manipulada, como "vulnerabilidad de corrupción de memoria caché de Excel" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists when parsing a document containing a malformed PivotCache Stream. The application will utilize the iCache value of an SXVI record to seek into a list of objects. While setting an attribute of that particular object, the application will corrupt memory which can lead to code execution under the context of the currently logged in user. • http://www.securitytracker.com/id?1023157 http://www.us-cert.gov/cas/techalerts/TA09-314A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6146 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3129 – Microsoft Excel Featheader Record Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3129
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability." Office Excel 2002 SP3, 2003 SP3 y 2007 SP1 y SP2; Office 2004 y 2008 para Mac; Open XML File Format Converter para Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 y SP2; y Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de una hoja de cálculo con un registro FEATHEADER que contiene un elemento de tamaño cbHdrData no válido que afecta a un desplazamiento del puntero, también se conoce como "Excel Featheader Record Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious spreadsheet. The specific flaw exists in the handling of Shared Feature Header (0x867) tags in an Excel BIFF file format. When processing the cbHdrData size element of the FEATHEADER it is possible to directly control the distance of a calculated pointer. • https://www.exploit-db.com/exploits/14706 https://www.exploit-db.com/exploits/16625 http://archives.neohapsis.com/archives/bugtraq/2009-11/0080.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832 http://osvdb.org/59860 http://www.exploit-db.com/exploits/14706 http://www.securityfocus.com/bid/36945 http://www.securitytracker.com/id?1023157 http://www.us-cert.gov/cas/techalerts/TA09-314A.html http://www.zerodayinitiative.com/advisories/ZDI-09-083 htt • CWE-94: Improper Control of Generation of Code ('Code Injection') •