Vulnerabilities > CVE-2009-3130 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Msbulletin
bulletin_id | MS09-067 |
bulletin_url | |
date | 2009-11-10T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 972652 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS09-067.NASL description The remote host contains a version of Microsoft Excel, Excel Viewer, 2007 Microsoft Office system, or Microsoft Office Compatibility Pack that is affected by several memory corruption vulnerabilities. An attacker could exploit this by tricking a user into opening a maliciously crafted Excel file, resulting in the execution of arbitrary code subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 42441 published 2009-11-10 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42441 title MS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(42441); script_version("1.31"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id( "CVE-2009-3127", "CVE-2009-3128", "CVE-2009-3129", "CVE-2009-3130", "CVE-2009-3131", "CVE-2009-3132", "CVE-2009-3133", "CVE-2009-3134" ); script_bugtraq_id(36908, 36909, 36911, 36912, 36943, 36944, 36945, 36946); script_xref(name:"MSFT", value:"MS09-067"); script_xref(name:"MSKB", value:"973471"); script_xref(name:"MSKB", value:"973475"); script_xref(name:"MSKB", value:"973484"); script_xref(name:"MSKB", value:"973593"); script_xref(name:"MSKB", value:"973704"); script_xref(name:"MSKB", value:"973707"); script_xref(name:"EDB-ID", value:"14706"); script_xref(name:"EDB-ID", value:"16625"); script_name(english:"MS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)"); script_summary(english:"Checks the version of all affected Excel renderers"); script_set_attribute( attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through opening a Microsoft Excel file." ); script_set_attribute( attribute:"description", value: "The remote host contains a version of Microsoft Excel, Excel Viewer, 2007 Microsoft Office system, or Microsoft Office Compatibility Pack that is affected by several memory corruption vulnerabilities. An attacker could exploit this by tricking a user into opening a maliciously crafted Excel file, resulting in the execution of arbitrary code subject to the user's privileges." ); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-067"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-09-083/"); script_set_attribute( attribute:"solution", value: "Microsoft has released a set of patches for Office XP, Office 2003, Office 2007, and Office Excel Viewer." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(94, 119); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel_viewer"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("smb_nt_ms02-031.nasl", "office_installed.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("misc_func.inc"); include("audit.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS09-067'; kbs = make_list("973471", "973475", "973484", "973593", "973704", "973707"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); info = ""; # Excel. kb = ''; vuln = 0; installs = get_kb_list("SMB/Office/Excel/*/ProductPath"); if (!isnull(installs)) { foreach install (keys(installs)) { version = install - 'SMB/Office/Excel/' - '/ProductPath'; path = installs[install]; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # Excel 2007. if ( ver[0] == 12 && ver[1] == 0 && ( ver[2] < 6514 || (ver[2] == 6514 && ver[3] < 5000) ) ) { office_sp = get_kb_item("SMB/Office/2007/SP"); if (!isnull(office_sp) && (office_sp == 1 || office_sp == 2)) { vuln++; info = '\n Product : Excel 2007' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 12.0.6514.5000\n'; kb = '973593'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } # Excel 2003. else if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8316) { office_sp = get_kb_item("SMB/Office/2003/SP"); if (!isnull(office_sp) && office_sp == 3) { vuln++; info = '\n Product : Excel 2003' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 11.0.8316.0\n'; kb = '973475'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } # Excel 2002. else if (ver[0] == 10 && ver[1] == 0 && ver[2] < 6856) { office_sp = get_kb_item("SMB/Office/XP/SP"); if (!isnull(office_sp) && office_sp == 3) { vuln++; info = '\n Product : Excel 2002' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 10.0.6856.0\n'; kb = '973471'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } } } # Excel Viewer. installs = get_kb_item("SMB/Office/ExcelViewer/*/ProductPath"); if (!isnull(installs)) { foreach install (keys(installs)) { version = install - 'SMB/Office/ExcelViewer/' - '/ProductPath'; path = installs[install]; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # Excel Viewer. if ( ver[0] == 12 && ver[1] == 0 && ( ver[2] < 6514 || (ver[2] == 6514 && ver[3] < 5000) ) ) { vuln++; info = '\n Product : Excel Viewer' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 12.0.6514.5000\n'; kb = '973707'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } # Excel Viewer 2003. else if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8313) { vuln++; info = '\n Product : Excel 2003' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 11.0.8313.0\n'; kb = '973484'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } } # 2007 Microsoft Office system and the Microsoft Office Compatibility Pack. installs = get_kb_list("SMB/Office/ExcelCnv/*/ProductPath"); if (!isnull(installs)) { foreach install (keys(installs)) { version = install - 'SMB/Office/ExcelCnv/' - '/ProductPath'; path = installs[install]; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # 2007 Office system and the Office Compatibility Pack. if ( ver[0] == 12 && ver[1] == 0 && ( ver[2] < 6514 || (ver[2] == 6514 && ver[3] < 5000) ) ) { info = '\n Product : 2007 Office system and the Office Compatibility Pack' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 12.0.6514.5000\n'; kb = '973704'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } } if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); exit(0); } else audit(AUDIT_HOST_NOT, 'affected');
NASL family MacOS X Local Security Checks NASL id MACOSX_MS_OFFICE_NOV2009.NASL description The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel or Word file, these issues could be leveraged to execute arbitrary code subject to the user last seen 2019-10-28 modified 2010-10-20 plugin id 50063 published 2010-10-20 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50063 title MS09-067 / MS09-068: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (972652 / 976307) (Mac OS X) code #TRUSTED 5489dfbca3177efc26893565dd865ef43a08040c1ba1469c8e5df8c9fc33bfc49ebad3cdf886e66812c6998067dd16a0b7dc57629d42489961890d4787a5759fa4169f5644831122206f8f2b79561a42aae3ee4ec960c580a8bbe719799e7e7072a4dc99498842a93edb4ce8408c615904f1f030d6fa0f5a988707c22b1a6fad76222e48da7a4ae3c7125870ad5732073c6120b025e934c15f19a505af987113d7f04fd0d7af1bfd003b27a1019ea5daa4a29ace1cb0c115dbddab4d58d7e21c02bac9ed9b6cd9c186c6782421ce88bb6cbba2b3e418186ca160f2afae5797995636576755789272cdc7e204ce992b09e9cd8531afb0b548e8ce244c78d4830a6b7cc42b27385579d5d36c598bb8080fd088970377730f20696508cd91a6664eac262b5396ec686c1fac0bd8a061d0f864a717f9135f881a124d7d30cc774353a58d019397accae8860c1e844feff130cc1448378823e4ec37089cdcf64bc1435c9b85ff933e24e838c70782a5f4e4ff611498e98f13ed967a055e499d38bae9488d6a1edb5052231a5c1936d26a891d844376b2533a50bb0229ac4df3a0bbb246ba5052c73d6bd9c80f28b7a433c762009c95303f033a8e289e716df2b1729741c74544410ddc41c2bd8f309e14bdb37252fc532a4f5c7411b23a8ff86ab1c8ce17e390507cd1fa7f161bc1fda767c7cc65790b39918205d5b34d56dd76e27a # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(50063); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14"); script_cve_id( "CVE-2009-3127", "CVE-2009-3129", "CVE-2009-3130", "CVE-2009-3131", "CVE-2009-3132", "CVE-2009-3133", "CVE-2009-3134", "CVE-2009-3135" ); script_bugtraq_id(36908, 36909, 36911, 36912, 36943, 36945, 36946, 36950); script_xref(name:"MSFT", value:"MS09-067"); script_xref(name:"MSFT", value:"MS09-068"); script_xref(name:"MSKB", value:"972652"); script_xref(name:"MSKB", value:"976307"); script_xref(name:"MSKB", value:"976828"); script_xref(name:"MSKB", value:"976830"); script_xref(name:"MSKB", value:"976831"); script_name(english:"MS09-067 / MS09-068: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (972652 / 976307) (Mac OS X)"); script_summary(english:"Check version of Microsoft Office"); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel or Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges."); script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-067"); script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-068"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2008::mac"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:open_xml_file_format_converter:::mac"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } include("misc_func.inc"); include("ssh_func.inc"); include("macosx_func.inc"); if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS) enable_ssh_wrappers(); else disable_ssh_wrappers(); function exec(cmd) { local_var buf, ret; if (islocalhost()) buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd)); else { ret = ssh_open_connection(); if (!ret) exit(1, "ssh_open_connection() failed."); buf = ssh_cmd(cmd:cmd); ssh_close_connection(); } return buf; } packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing."); uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); if (!egrep(pattern:"Darwin.*", string:uname)) exit(1, "The host does not appear to be using the Darwin sub-system."); # Gather version info. info = ''; installs = make_array(); prod = 'Office 2008 for Mac'; plist = "/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist"; cmd = 'cat \'' + plist + '\' | ' + 'grep -A 1 CFBundleShortVersionString | ' + 'tail -n 1 | ' + 'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''; version = exec(cmd:cmd); if (version && version =~ "^[0-9]+\.") { version = chomp(version); if (version !~ "^12\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'."); installs[prod] = version; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fixed_version = '12.2.3'; fix = split(fixed_version, sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(fix); i++) if ((ver[i] < fix[i])) { info += '\n Product : ' + prod + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; break; } else if (ver[i] > fix[i]) break; } prod = 'Office 2004 for Mac'; cmd = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office"); version = exec(cmd:cmd); if (version && version =~ "^[0-9]+\.") { version = chomp(version); if (version !~ "^11\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'."); installs[prod] = version; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fixed_version = '11.5.6'; fix = split(fixed_version, sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(fix); i++) if ((ver[i] < fix[i])) { info += '\n Product : ' + prod + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; break; } else if (ver[i] > fix[i]) break; } prod = 'Open XML File Format Converter for Mac'; plist = "/Applications/Open XML Converter.app/Contents/Info.plist"; cmd = 'cat \'' + plist + '\' | ' + 'grep -A 1 CFBundleShortVersionString | ' + 'tail -n 1 | ' + 'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''; version = exec(cmd:cmd); if (version && version =~ "^[0-9]+\.") { version = chomp(version); installs[prod] = version; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fixed_version = '1.1.3'; fix = split(fixed_version, sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(fix); i++) if ((ver[i] < fix[i])) { info += '\n Product : ' + prod + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; break; } else if (ver[i] > fix[i]) break; } # Report findings. if (info) { gs_opt = get_kb_item("global_settings/report_verbosity"); if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info); else security_hole(0); exit(0); } else { if (max_index(keys(installs)) == 0) exit(0, "Office for Mac / Open XML File Format Converter is not installed."); else { msg = 'The host has '; foreach prod (sort(keys(installs))) msg += prod + ' ' + installs[prod] + ' and '; msg = substr(msg, 0, strlen(msg)-1-strlen(' and ')); msg += ' installed and thus is not affected.'; exit(0, msg); } }
Oval
accepted | 2012-05-28T04:02:02.637-04:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
definition_extensions |
| ||||||||
description | Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability." | ||||||||
family | windows | ||||||||
id | oval:org.mitre.oval:def:6137 | ||||||||
status | accepted | ||||||||
submitted | 2009-11-10T13:00:00 | ||||||||
title | Excel Document Parsing Heap Overflow Vulnerability | ||||||||
version | 5 |
Seebug
bulletinFamily | exploit |
description | Bugraq ID: 36946 CVE ID:CVE-2009-3130 Microsoft Excel是一款微软开发的电子表格处理程序。 Microsoft Office Excel存在一个远程代码执行漏洞,如果用户打开一个特殊构建的包含畸形的BIFF记录的Excel文件可允许远程代码执行。 成功利用此漏洞允许完全控制受影响系统,攻击者成功利用此漏洞可以以内核权限安装程序;查看,更改或删除数据等。 Microsoft Open XML File Format Converter for Mac Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Excel 2002 SP3 Microsoft Excel 2002 SP2 Microsoft Excel 2002 SP1 Microsoft Excel 2002 用户可参考如下微软提供的安全补丁: Microsoft Open XML File Format Converter for Mac 0 Microsoft Open XML File Format Converter for Mac 1.1.3 http://www.microsoft.com/downloads/details.aspx?FamilyID=4dd4bc05-1217 -497e-8f65-4347f2544ed6 Microsoft Office 2008 for Mac 0 Microsoft Microsoft Office 2008 for Mac 12.2.3 Update http://www.microsoft.com/downloads/details.aspx?FamilyID=b84fe57d-ddda -451e-9ead-69e10aee7928 Microsoft Excel 2002 SP3 Microsoft Security Update for Microsoft Excel 2002 (KB973471) http://www.microsoft.com/downloads/details.aspx?familyid=5672c8fc-8509 -4962-ad86-ebc0f2575043 Microsoft Office 2004 for Mac 0 Microsoft Microsoft Office 2004 for Mac 11.5.6 Update http://www.microsoft.com/downloads/details.aspx?FamilyID=8f115b1c-1e28 -4ecf-937c-99c4b60c7c8e |
id | SSV:12615 |
last seen | 2017-11-19 |
modified | 2009-11-11 |
published | 2009-11-11 |
reporter | Root |
title | Microsoft Excel畸形BIFF记录远程代码执行漏洞(MS09-067) |