High severity8.8CISA KEVNVD Advisory· Published Feb 25, 2009· Updated Jun 16, 2026
CVE-2009-0238
CVE-2009-0238
Description
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_excel_viewer:2003:sp3:*:*:*:*:*:*
- (no CPE)range: 2003 Gold and SP3, Excel Viewer
- cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
- Range: 2000 SP3, 2002 SP3, 2003 SP3, 2007 SP1, Excel Viewer 2003 Gold and SP3, Excel Viewer, Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, Office 2004 for Mac, Office 2008 for Mac
Patches
Vulnerability mechanics
References
12- www.microsoft.com/technet/security/advisory/968272.mspxnvdVendor Advisory
- docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/48875nvdThird Party Advisory
- blogs.zdnet.com/security/nvdBroken Link
- isc.sans.org/diary.htmlnvdPress/Media Coverage
- securitytracker.com/idnvdBroken Link
- www.securityfocus.com/bid/33870nvdBroken Link
- www.symantec.com/business/security_response/writeup.jspnvdBroken Link
- www.us-cert.gov/cas/techalerts/TA09-104A.htmlnvdUS Government Resource
- www.vupen.com/english/advisories/2009/1023nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968nvdBroken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.