1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




Microsoft Excel Invalid Object Reference Vulnerability

Report ID: SA200900904
Source: Secunia
Date of Discovery: 24.02.2009
Criticality: Critical
Affects:
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2007
Microsoft Office XP

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

Detailed Description

A vulnerability has been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error that may cause an invalid object to be referenced when opening an Excel document.

Successful exploitation allows execution of arbitrary code.

NOTE: According to Microsoft, the vulnerability is currently being actively exploited.

Solution

The vendor recommends using MOICE (Microsoft Office Isolated Conversion Environment) for opening untrusted Office documents and/or using Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents.

Original Reference

-

CVE Reference

CVE-2009-0238