Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Compatibility Pack Word Excel Powerpoint
  • Office
  • Excel Viewer
  • Excel
  • Open Xml File Format Converter

Configuration 1 [-]

OR cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel_viewer:*:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel_viewer:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2009-11/0080.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832
http://osvdb.org/59860
http://www.exploit-db.com/exploits/14706 Exploit
http://www.securityfocus.com/bid/36945
http://www.securitytracker.com/id?1023157
http://www.us-cert.gov/cas/techalerts/TA09-314A.html US Government Resource
http://www.zerodayinitiative.com/advisories/ZDI-09-083
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6521
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2009-11-11T19:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2009-09-10T00:00:00

Link: CVE-2009-3129

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-11-11T19:30:00.530

Modified: 2018-10-12T21:52:14.153

Link: CVE-2009-3129

JSON object: View

cve-icon Redhat Information

No data.

CWE