Trend Micro Security

Microsoft Excel Unspecified Remote Code Execution Vulnerability

2011年7月1日
  危険度: : 緊急
  CVE識別番号: CVE-2009-0238,MS09-009

  概要

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

  トレンドマイクロの対策

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1003309
  Trend Micro Deep Security DPI Rule Name: 1003309 - Microsoft Excel Unspecified Remote Code Execution Vulnerability

  影響を受けるソフトウェア

  • microsoft excel 2004
  • microsoft excel_viewer
  • microsoft office 2008
  • microsoft office_compatibility_pack 2007
  • microsoft office_excel 2000
  • microsoft office_excel 2002
  • microsoft office_excel 2003
  • microsoft office_excel 2007
  • microsoft office_excel_viewer 2003