Loading…

Cookies and privacy

We use strictly necessary cookies to run the site. With your permission we also load Vercel Web Analytics and Speed Insights to measure traffic and performance in aggregate. See our Cookie Policy and Privacy Policy.

CVE-2009-0238: Microsoft Office Remote Code Execution · Scorifya

CVE detail

CVE-2009-0238: Microsoft Office Remote Code Execution

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

Microsoft · Office

Date added (KEV): Apr 14, 2026
CISA due date: Apr 28, 2026
Ransomware campaign use: Unknown

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vendor fix: Vendor advisory

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238

References

http://www.microsoft.com/technet/security/advisory/968272.mspxVendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009Vendor Advisory
http://www.microsoft.com/technet/security/advisory/968272.mspxVendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009Vendor Advisory
http://blogs.zdnet.com/security/?p=2658Broken Link
http://isc.sans.org/diary.html?storyid=5923

Other recent CVEs from Microsoft

CVE-2026-42897Microsoft — Microsoft Exchange Server Cross-Site Scripting Vulnerability
CVE-2026-32202Windows — Microsoft Windows Protection Mechanism Failure Vulnerability
CVE-2026-33825Defender — Microsoft Defender Insufficient Granularity of Access Control Vulnerability
CVE-2026-32201SharePoint Server — Microsoft SharePoint Server Improper Input Validation Vulnerability
CVE-2012-1854Visual Basic for Applications (VBA) — Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability

Check your domain's public posture

Scorifya doesn't test for specific CVEs, but if patching Microsoft changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.

Run a free scan Methodology