QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0238

Published: Feb 25, 2009

Modified: Apr 15, 2026

PUBLISHED

Description

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.microsoft.com/technet/security/advisory/968272.mspx

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

ms-excel-unspecified-code-execution(48875)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_BID

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99

x_refsource_MISC

vendor-advisory

x_refsource_MS

oval:org.mitre.oval:def:5968

vdb-entry

signature

x_refsource_OVAL

http://isc.sans.org/diary.html?storyid=5923

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

http://blogs.zdnet.com/security/?p=2658

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2009-0238 - Security Vulnerability | QwikSec