CVE DATABASE / CVE-2009-0238
CVE-2009-0238
Microsoft Office Remote Code Execution
Confirmed exploited in the wild. Added 2026-04-14.
Federal remediation due 2026-04-28.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Summary
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
Data: NIST NVD + CISA KEV. Always verify against the vendor advisory before acting.