Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-0238
Analyzed
More InfoOfficial Page
Source-secure@microsoft.com
View Known Exploited Vulnerability (KEV) details
Published At-25 Feb, 2009 | 16:30
Updated At-22 Apr, 2026 | 16:42

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2026-04-142026-04-28Microsoft Office Remote Code ExecutionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Date Added: 2026-04-14
Due Date: 2026-04-28
Vulnerability Name: Microsoft Office Remote Code Execution
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Microsoft Corporation
microsoft
>>excel>>2000
cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2002
cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2003
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2007
cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel_viewer>>*
cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office>>2004
cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*
Microsoft Corporation
microsoft
>>office>>2008
cpe:2.3:a:microsoft:office:2008:*:*:*:*:macos:*:*
Microsoft Corporation
microsoft
>>office_compatibility_pack>>2007
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_excel_viewer>>*
cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_excel_viewer>>2003
cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE-94Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-94
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.zdnet.com/security/?p=2658secure@microsoft.com
Broken Link
http://isc.sans.org/diary.html?storyid=5923secure@microsoft.com
Press/Media Coverage
http://securitytracker.com/id?1021744secure@microsoft.com
Broken Link
http://www.microsoft.com/technet/security/advisory/968272.mspxsecure@microsoft.com
Vendor Advisory
http://www.securityfocus.com/bid/33870secure@microsoft.com
Broken Link
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99secure@microsoft.com
Broken Link
http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlsecure@microsoft.com
US Government Resource
http://www.vupen.com/english/advisories/2009/1023secure@microsoft.com
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009secure@microsoft.com
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/48875secure@microsoft.com
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968secure@microsoft.com
Broken Link
http://blogs.zdnet.com/security/?p=2658af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://isc.sans.org/diary.html?storyid=5923af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
http://securitytracker.com/id?1021744af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.microsoft.com/technet/security/advisory/968272.mspxaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/33870af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2009/1023af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/48875af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://blogs.zdnet.com/security/?p=2658
Source: secure@microsoft.com
Resource:
Broken Link
Hyperlink: http://isc.sans.org/diary.html?storyid=5923
Source: secure@microsoft.com
Resource:
Press/Media Coverage
Hyperlink: http://securitytracker.com/id?1021744
Source: secure@microsoft.com
Resource:
Broken Link
Hyperlink: http://www.microsoft.com/technet/security/advisory/968272.mspx
Source: secure@microsoft.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/33870
Source: secure@microsoft.com
Resource:
Broken Link
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99
Source: secure@microsoft.com
Resource:
Broken Link
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1023
Source: secure@microsoft.com
Resource:
Broken Link
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
Source: secure@microsoft.com
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48875
Source: secure@microsoft.com
Resource:
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968
Source: secure@microsoft.com
Resource:
Broken Link
Hyperlink: http://blogs.zdnet.com/security/?p=2658
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://isc.sans.org/diary.html?storyid=5923
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Hyperlink: http://securitytracker.com/id?1021744
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.microsoft.com/technet/security/advisory/968272.mspx
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/33870
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1023
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48875
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource
Change History
0Changes found
Details not found