[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-0238":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-18T08:14:08.048Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":32,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":36,"related":37,"reserved_at":9,"published_at":38,"modified_at":39,"state":40,"summary":41,"references_raw":52,"kevs":117,"epss":128,"epss_history":131,"metrics":354,"affected":367},"CVE-2009-0238","Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,28],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[],{"id":29,"name":30,"techniques":31},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[],[],[],[],[],"2009-02-25T16:00:00.000Z","2026-04-15T03:58:09.636Z","Deferred",{"cisa_kev":42,"cisa_ransomware":43,"cisa_vendor":44,"epss_severity":45,"epss_score":46,"severity":47,"severity_score":48,"severity_version":49,"severity_source":50,"severity_vector":51,"severity_status":40},true,false,"Microsoft","critical",0.81142,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[53,60,66,71,78,83,88,93,99,103,108,112],{"url":54,"sources":55,"tags":57},"http://www.microsoft.com/technet/security/advisory/968272.mspx",[56,50],"cve.org",[58,59],"X Refsource CONFIRM","Vendor Advisory",{"url":61,"sources":62,"tags":63},"http://www.vupen.com/english/advisories/2009/1023",[56,50],[64,65],"VDB Entry","X Refsource VUPEN",{"url":67,"sources":68,"tags":69},"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875",[56,50],[64,70],"X Refsource XF",{"url":72,"sources":73,"tags":74},"http://www.us-cert.gov/cas/techalerts/TA09-104A.html",[56,50],[75,76,77],"Third Party Advisory","X Refsource CERT","US Government Resource",{"url":79,"sources":80,"tags":81},"http://www.securityfocus.com/bid/33870",[56,50],[64,82],"X Refsource BID",{"url":84,"sources":85,"tags":86},"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99",[56,50],[87],"X Refsource MISC",{"url":89,"sources":90,"tags":91},"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009",[56,50],[59,92],"X Refsource MS",{"url":94,"sources":95,"tags":96},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968",[56,50],[64,97,98],"Signature","X Refsource OVAL",{"url":100,"sources":101,"tags":102},"http://isc.sans.org/diary.html?storyid=5923",[56,50],[87],{"url":104,"sources":105,"tags":106},"http://securitytracker.com/id?1021744",[56,50],[64,107],"X Refsource SECTRACK",{"url":109,"sources":110,"tags":111},"http://blogs.zdnet.com/security/?p=2658",[56,50],[87],{"url":113,"sources":114,"tags":115},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238",[56,50],[116],"Government Resource",[118],{"source":119,"vendor":44,"product":120,"date_added":121,"vulnerability_name":122,"short_description":123,"required_action":124,"due_date":125,"known_ransomware_campaign_use":126,"notes":127,"exploitation_type":9},"cisa","Office","2026-04-14","Microsoft Office Remote Code Execution","Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-04-28","Unknown","https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238",{"date":129,"score":46,"percentile":130},"2026-04-17",0.99162,[132,136,139,141,144,146,148,150,152,155,158,160,162,164,166,169,172,175,178,181,184,186,189,191,193,195,198,200,203,206,208,210,212,214,216,218,221,223,225,228,231,233,235,238,241,243,245,247,249,251,253,255,257,260,263,265,267,269,271,274,277,279,282,285,287,290,293,296,299,302,304,306,309,312,315,317,319,321,324,327,330,333,336,338,341,343,345,347,349,351],{"date":133,"score":134,"percentile":135},"2025-11-04",0.57177,0.98024,{"date":137,"score":134,"percentile":138},"2025-11-05",0.98026,{"date":140,"score":134,"percentile":138},"2025-11-06",{"date":142,"score":134,"percentile":143},"2025-11-07",0.98027,{"date":145,"score":134,"percentile":143},"2025-11-08",{"date":147,"score":134,"percentile":138},"2025-11-09",{"date":149,"score":134,"percentile":138},"2025-11-10",{"date":151,"score":134,"percentile":143},"2025-11-11",{"date":153,"score":134,"percentile":154},"2025-11-12",0.98029,{"date":156,"score":134,"percentile":157},"2025-11-13",0.9803,{"date":159,"score":134,"percentile":157},"2025-11-14",{"date":161,"score":134,"percentile":143},"2025-11-15",{"date":163,"score":134,"percentile":143},"2025-11-16",{"date":165,"score":134,"percentile":143},"2025-11-17",{"date":167,"score":134,"percentile":168},"2025-11-18",0.98071,{"date":170,"score":134,"percentile":171},"2025-11-19",0.98072,{"date":173,"score":134,"percentile":174},"2025-11-20",0.98074,{"date":176,"score":134,"percentile":177},"2025-11-21",0.98021,{"date":179,"score":134,"percentile":180},"2025-11-22",0.98019,{"date":182,"score":134,"percentile":183},"2025-11-23",0.98018,{"date":185,"score":134,"percentile":183},"2025-11-24",{"date":187,"score":134,"percentile":188},"2025-11-25",0.9802,{"date":190,"score":134,"percentile":188},"2025-11-26",{"date":192,"score":134,"percentile":177},"2025-11-27",{"date":194,"score":134,"percentile":177},"2025-11-28",{"date":196,"score":134,"percentile":197},"2025-11-29",0.98022,{"date":199,"score":134,"percentile":197},"2025-11-30",{"date":201,"score":134,"percentile":202},"2025-12-01",0.98037,{"date":204,"score":134,"percentile":205},"2025-12-02",0.98038,{"date":207,"score":134,"percentile":205},"2025-12-03",{"date":209,"score":134,"percentile":177},"2025-12-04",{"date":211,"score":134,"percentile":188},"2025-12-05",{"date":213,"score":134,"percentile":197},"2025-12-06",{"date":215,"score":134,"percentile":197},"2025-12-07",{"date":217,"score":134,"percentile":135},"2025-12-08",{"date":219,"score":134,"percentile":220},"2025-12-09",0.98023,{"date":222,"score":134,"percentile":138},"2025-12-10",{"date":224,"score":134,"percentile":154},"2025-12-11",{"date":226,"score":134,"percentile":227},"2025-12-12",0.98032,{"date":229,"score":134,"percentile":230},"2025-12-13",0.98028,{"date":232,"score":134,"percentile":230},"2025-12-14",{"date":234,"score":134,"percentile":230},"2025-12-15",{"date":236,"score":134,"percentile":237},"2025-12-16",0.98035,{"date":239,"score":134,"percentile":240},"2025-12-17",0.98039,{"date":242,"score":134,"percentile":205},"2025-12-18",{"date":244,"score":134,"percentile":240},"2025-12-19",{"date":246,"score":134,"percentile":205},"2025-12-20",{"date":248,"score":134,"percentile":202},"2025-12-21",{"date":250,"score":134,"percentile":227},"2025-12-22",{"date":252,"score":134,"percentile":205},"2025-12-23",{"date":254,"score":134,"percentile":240},"2025-12-24",{"date":256,"score":134,"percentile":237},"2025-12-25",{"date":258,"score":134,"percentile":259},"2025-12-26",0.98036,{"date":261,"score":134,"percentile":262},"2025-12-27",0.98046,{"date":264,"score":134,"percentile":202},"2025-12-28",{"date":266,"score":134,"percentile":205},"2025-12-29",{"date":268,"score":134,"percentile":259},"2025-12-30",{"date":270,"score":134,"percentile":240},"2025-12-31",{"date":272,"score":134,"percentile":273},"2026-01-01",0.98062,{"date":275,"score":134,"percentile":276},"2026-01-02",0.98061,{"date":278,"score":134,"percentile":273},"2026-01-03",{"date":280,"score":134,"percentile":281},"2026-01-04",0.98048,{"date":283,"score":134,"percentile":284},"2026-01-05",0.98049,{"date":286,"score":134,"percentile":284},"2026-01-06",{"date":288,"score":134,"percentile":289},"2026-01-07",0.98051,{"date":291,"score":134,"percentile":292},"2026-01-08",0.98052,{"date":294,"score":134,"percentile":295},"2026-01-09",0.98054,{"date":297,"score":134,"percentile":298},"2026-01-10",0.98055,{"date":300,"score":134,"percentile":301},"2026-01-11",0.98053,{"date":303,"score":134,"percentile":301},"2026-01-12",{"date":305,"score":134,"percentile":298},"2026-01-13",{"date":307,"score":134,"percentile":308},"2026-01-14",0.98058,{"date":310,"score":134,"percentile":311},"2026-01-15",0.98059,{"date":313,"score":134,"percentile":314},"2026-01-16",0.9806,{"date":316,"score":134,"percentile":273},"2026-01-17",{"date":318,"score":134,"percentile":276},"2026-01-18",{"date":320,"score":134,"percentile":273},"2026-01-19",{"date":322,"score":134,"percentile":323},"2026-01-20",0.98063,{"date":325,"score":134,"percentile":326},"2026-01-21",0.98064,{"date":328,"score":134,"percentile":329},"2026-01-22",0.98066,{"date":331,"score":134,"percentile":332},"2026-01-23",0.98067,{"date":334,"score":134,"percentile":335},"2026-01-24",0.98069,{"date":337,"score":134,"percentile":335},"2026-01-25",{"date":339,"score":134,"percentile":340},"2026-01-26",0.9807,{"date":342,"score":134,"percentile":340},"2026-01-27",{"date":344,"score":134,"percentile":171},"2026-01-28",{"date":346,"score":134,"percentile":168},"2026-01-29",{"date":348,"score":134,"percentile":340},"2026-01-30",{"date":350,"score":134,"percentile":335},"2026-01-31",{"date":352,"score":134,"percentile":353},"2026-02-01",0.98089,[355,365],{"source":50,"cvss_v2_0":356,"cvss_v3_0":9,"cvss_v3_1":359,"cvss_v4_0":9},{"baseScore":48,"baseSeverity":9,"vectorString":51,"impactScore":357,"exploitabilityScore":358},10,8.6,{"baseScore":360,"baseSeverity":361,"vectorString":362,"impactScore":363,"exploitabilityScore":364},8.8,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",9.8,7.2,{"source":56,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":366,"cvss_v4_0":9},{"baseScore":360,"baseSeverity":361,"vectorString":362,"impactScore":363,"exploitabilityScore":364},[368,374,378,386,397],{"ecosystem":9,"name":369,"vendor":9,"product":369,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":370},"Excel",[371],{"version":372,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2004","cpe",{"ecosystem":9,"name":120,"vendor":9,"product":120,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":375},[376],{"version":377,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2008",{"ecosystem":9,"name":379,"vendor":380,"product":381,"cpe_part":382,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":383},"office compatibility pack","microsoft","office_compatibility_pack","a",[384],{"version":385,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2007:sp1",{"ecosystem":9,"name":387,"vendor":380,"product":388,"cpe_part":382,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":389},"office excel","office_excel",[390,392,394,396],{"version":391,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2000:sp3",{"version":393,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2002:sp3",{"version":395,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2003:sp3",{"version":385,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":398,"vendor":380,"product":399,"cpe_part":382,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":400},"office excel viewer","office_excel_viewer",[401,403],{"version":402,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2003:gold",{"version":395,"is_range":43,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]