Vulnerabilities > CVE-2009-3129 - Out-of-bounds Write vulnerability in Microsoft products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

microsoft

CWE-787

nessus

exploit available

metasploit

NVD

Published: 2009-11-11

Updated: 2024-07-16

Summary

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Excel 2007 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer - Microsoft Excel Viewer 2003 Microsoft Office 2008 Microsoft Office 2004 Microsoft Open XML File Format Converter *	10

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Exploit-Db

description	Microsoft Excel Malformed FEATHEADER Record Vulnerability. CVE-2009-3129. Local exploit for windows platform
id	EDB-ID:16625
last seen	2016-02-02
modified	2010-09-25
published	2010-09-25
reporter	metasploit
source	https://www.exploit-db.com/download/16625/
title	Microsoft Excel Malformed FEATHEADER Record Vulnerability

description	MS Excel Malformed FEATHEADER Record Exploit (MS09-067). CVE-2009-3129,CVE-2009-3129. Local exploit for windows platform
file	exploits/windows/local/14706.py
id	EDB-ID:14706
last seen	2016-02-01
modified	2010-08-21
platform	windows
port
published	2010-08-21
reporter	anonymous
source	https://www.exploit-db.com/download/14706/
title	Microsoft Excel Malformed FEATHEADER Record Exploit MS09-067
type	local

Metasploit

description	This module exploits a vulnerability in the handling of the FEATHEADER record by Microsoft Excel. Revisions of Office XP and later prior to the release of the MS09-067 bulletin are vulnerable. When processing a FEATHEADER (Shared Feature) record, Microsoft used a data structure from the file to calculate a pointer offset without doing proper validation. Attacker supplied data is then used to calculate the location of an object, and in turn a virtual function call. This results in arbitrary code execution. NOTE: On some versions of Office, the user will need to dismiss a warning dialog prior to the payload executing.
id	MSF:EXPLOIT/WINDOWS/FILEFORMAT/MS09_067_EXCEL_FEATHEADER
last seen	2020-02-26
modified	2020-01-15
published	2010-02-12
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3129 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb
title	MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability

Msbulletin

bulletin_id	MS09-067
bulletin_url
date	2009-11-10T00:00:00
impact	Remote Code Execution
knowledgebase_id	972652
knowledgebase_url
severity	Important
title	Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS09-067.NASL
description	The remote host contains a version of Microsoft Excel, Excel Viewer, 2007 Microsoft Office system, or Microsoft Office Compatibility Pack that is affected by several memory corruption vulnerabilities. An attacker could exploit this by tricking a user into opening a maliciously crafted Excel file, resulting in the execution of arbitrary code subject to the user
last seen	2020-06-01
modified	2020-06-02
plugin id	42441
published	2009-11-10
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42441
title	MS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(42441); script_version("1.31"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id( "CVE-2009-3127", "CVE-2009-3128", "CVE-2009-3129", "CVE-2009-3130", "CVE-2009-3131", "CVE-2009-3132", "CVE-2009-3133", "CVE-2009-3134" ); script_bugtraq_id(36908, 36909, 36911, 36912, 36943, 36944, 36945, 36946); script_xref(name:"MSFT", value:"MS09-067"); script_xref(name:"MSKB", value:"973471"); script_xref(name:"MSKB", value:"973475"); script_xref(name:"MSKB", value:"973484"); script_xref(name:"MSKB", value:"973593"); script_xref(name:"MSKB", value:"973704"); script_xref(name:"MSKB", value:"973707"); script_xref(name:"EDB-ID", value:"14706"); script_xref(name:"EDB-ID", value:"16625"); script_name(english:"MS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)"); script_summary(english:"Checks the version of all affected Excel renderers"); script_set_attribute( attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through opening a Microsoft Excel file." ); script_set_attribute( attribute:"description", value: "The remote host contains a version of Microsoft Excel, Excel Viewer, 2007 Microsoft Office system, or Microsoft Office Compatibility Pack that is affected by several memory corruption vulnerabilities. An attacker could exploit this by tricking a user into opening a maliciously crafted Excel file, resulting in the execution of arbitrary code subject to the user's privileges." ); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-067"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-09-083/"); script_set_attribute( attribute:"solution", value: "Microsoft has released a set of patches for Office XP, Office 2003, Office 2007, and Office Excel Viewer." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(94, 119); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel_viewer"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("smb_nt_ms02-031.nasl", "office_installed.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("misc_func.inc"); include("audit.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS09-067'; kbs = make_list("973471", "973475", "973484", "973593", "973704", "973707"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); info = ""; # Excel. kb = ''; vuln = 0; installs = get_kb_list("SMB/Office/Excel//ProductPath"); if (!isnull(installs)) { foreach install (keys(installs)) { version = install - 'SMB/Office/Excel/' - '/ProductPath'; path = installs[install]; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # Excel 2007. if ( ver[0] == 12 && ver[1] == 0 && ( ver[2] < 6514 \|\| (ver[2] == 6514 && ver[3] < 5000) ) ) { office_sp = get_kb_item("SMB/Office/2007/SP"); if (!isnull(office_sp) && (office_sp == 1 \|\| office_sp == 2)) { vuln++; info = '\n Product : Excel 2007' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 12.0.6514.5000\n'; kb = '973593'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } # Excel 2003. else if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8316) { office_sp = get_kb_item("SMB/Office/2003/SP"); if (!isnull(office_sp) && office_sp == 3) { vuln++; info = '\n Product : Excel 2003' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 11.0.8316.0\n'; kb = '973475'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } # Excel 2002. else if (ver[0] == 10 && ver[1] == 0 && ver[2] < 6856) { office_sp = get_kb_item("SMB/Office/XP/SP"); if (!isnull(office_sp) && office_sp == 3) { vuln++; info = '\n Product : Excel 2002' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 10.0.6856.0\n'; kb = '973471'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } } } # Excel Viewer. installs = get_kb_item("SMB/Office/ExcelViewer//ProductPath"); if (!isnull(installs)) { foreach install (keys(installs)) { version = install - 'SMB/Office/ExcelViewer/' - '/ProductPath'; path = installs[install]; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # Excel Viewer. if ( ver[0] == 12 && ver[1] == 0 && ( ver[2] < 6514 \|\| (ver[2] == 6514 && ver[3] < 5000) ) ) { vuln++; info = '\n Product : Excel Viewer' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 12.0.6514.5000\n'; kb = '973707'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } # Excel Viewer 2003. else if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8313) { vuln++; info = '\n Product : Excel 2003' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 11.0.8313.0\n'; kb = '973484'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } } # 2007 Microsoft Office system and the Microsoft Office Compatibility Pack. installs = get_kb_list("SMB/Office/ExcelCnv/*/ProductPath"); if (!isnull(installs)) { foreach install (keys(installs)) { version = install - 'SMB/Office/ExcelCnv/' - '/ProductPath'; path = installs[install]; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # 2007 Office system and the Office Compatibility Pack. if ( ver[0] == 12 && ver[1] == 0 && ( ver[2] < 6514 \|\| (ver[2] == 6514 && ver[3] < 5000) ) ) { info = '\n Product : 2007 Office system and the Office Compatibility Pack' + '\n File : ' + path + '\n Installed version : ' + version + '\n Fixed version : 12.0.6514.5000\n'; kb = '973704'; hotfix_add_report(info, bulletin:bulletin, kb:kb); } } } if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); exit(0); } else audit(AUDIT_HOST_NOT, 'affected');

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_MS_OFFICE_NOV2009.NASL
description	The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel or Word file, these issues could be leveraged to execute arbitrary code subject to the user
last seen	2019-10-28
modified	2010-10-20
plugin id	50063
published	2010-10-20
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/50063
title	MS09-067 / MS09-068: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (972652 / 976307) (Mac OS X)
code	#TRUSTED 5489dfbca3177efc26893565dd865ef43a08040c1ba1469c8e5df8c9fc33bfc49ebad3cdf886e66812c6998067dd16a0b7dc57629d42489961890d4787a5759fa4169f5644831122206f8f2b79561a42aae3ee4ec960c580a8bbe719799e7e7072a4dc99498842a93edb4ce8408c615904f1f030d6fa0f5a988707c22b1a6fad76222e48da7a4ae3c7125870ad5732073c6120b025e934c15f19a505af987113d7f04fd0d7af1bfd003b27a1019ea5daa4a29ace1cb0c115dbddab4d58d7e21c02bac9ed9b6cd9c186c6782421ce88bb6cbba2b3e418186ca160f2afae5797995636576755789272cdc7e204ce992b09e9cd8531afb0b548e8ce244c78d4830a6b7cc42b27385579d5d36c598bb8080fd088970377730f20696508cd91a6664eac262b5396ec686c1fac0bd8a061d0f864a717f9135f881a124d7d30cc774353a58d019397accae8860c1e844feff130cc1448378823e4ec37089cdcf64bc1435c9b85ff933e24e838c70782a5f4e4ff611498e98f13ed967a055e499d38bae9488d6a1edb5052231a5c1936d26a891d844376b2533a50bb0229ac4df3a0bbb246ba5052c73d6bd9c80f28b7a433c762009c95303f033a8e289e716df2b1729741c74544410ddc41c2bd8f309e14bdb37252fc532a4f5c7411b23a8ff86ab1c8ce17e390507cd1fa7f161bc1fda767c7cc65790b39918205d5b34d56dd76e27a # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(50063); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14"); script_cve_id( "CVE-2009-3127", "CVE-2009-3129", "CVE-2009-3130", "CVE-2009-3131", "CVE-2009-3132", "CVE-2009-3133", "CVE-2009-3134", "CVE-2009-3135" ); script_bugtraq_id(36908, 36909, 36911, 36912, 36943, 36945, 36946, 36950); script_xref(name:"MSFT", value:"MS09-067"); script_xref(name:"MSFT", value:"MS09-068"); script_xref(name:"MSKB", value:"972652"); script_xref(name:"MSKB", value:"976307"); script_xref(name:"MSKB", value:"976828"); script_xref(name:"MSKB", value:"976830"); script_xref(name:"MSKB", value:"976831"); script_name(english:"MS09-067 / MS09-068: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (972652 / 976307) (Mac OS X)"); script_summary(english:"Check version of Microsoft Office"); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel or Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges."); script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-067"); script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-068"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2008::mac"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:open_xml_file_format_converter:::mac"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } include("misc_func.inc"); include("ssh_func.inc"); include("macosx_func.inc"); if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS) enable_ssh_wrappers(); else disable_ssh_wrappers(); function exec(cmd) { local_var buf, ret; if (islocalhost()) buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd)); else { ret = ssh_open_connection(); if (!ret) exit(1, "ssh_open_connection() failed."); buf = ssh_cmd(cmd:cmd); ssh_close_connection(); } return buf; } packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing."); uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); if (!egrep(pattern:"Darwin.", string:uname)) exit(1, "The host does not appear to be using the Darwin sub-system."); # Gather version info. info = ''; installs = make_array(); prod = 'Office 2008 for Mac'; plist = "/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist"; cmd = 'cat \'' + plist + '\' \| ' + 'grep -A 1 CFBundleShortVersionString \| ' + 'tail -n 1 \| ' + 'sed \'s/.string>\\(.\\)<\\/string>./\\1/g\''; version = exec(cmd:cmd); if (version && version =~ "^[0-9]+\.") { version = chomp(version); if (version !~ "^12\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'."); installs[prod] = version; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fixed_version = '12.2.3'; fix = split(fixed_version, sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(fix); i++) if ((ver[i] < fix[i])) { info += '\n Product : ' + prod + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; break; } else if (ver[i] > fix[i]) break; } prod = 'Office 2004 for Mac'; cmd = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office"); version = exec(cmd:cmd); if (version && version =~ "^[0-9]+\.") { version = chomp(version); if (version !~ "^11\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'."); installs[prod] = version; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fixed_version = '11.5.6'; fix = split(fixed_version, sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(fix); i++) if ((ver[i] < fix[i])) { info += '\n Product : ' + prod + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; break; } else if (ver[i] > fix[i]) break; } prod = 'Open XML File Format Converter for Mac'; plist = "/Applications/Open XML Converter.app/Contents/Info.plist"; cmd = 'cat \'' + plist + '\' \| ' + 'grep -A 1 CFBundleShortVersionString \| ' + 'tail -n 1 \| ' + 'sed \'s/.string>\\(.\\)<\\/string>.*/\\1/g\''; version = exec(cmd:cmd); if (version && version =~ "^[0-9]+\.") { version = chomp(version); installs[prod] = version; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fixed_version = '1.1.3'; fix = split(fixed_version, sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(fix); i++) if ((ver[i] < fix[i])) { info += '\n Product : ' + prod + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; break; } else if (ver[i] > fix[i]) break; } # Report findings. if (info) { gs_opt = get_kb_item("global_settings/report_verbosity"); if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info); else security_hole(0); exit(0); } else { if (max_index(keys(installs)) == 0) exit(0, "Office for Mac / Open XML File Format Converter is not installed."); else { msg = 'The host has '; foreach prod (sort(keys(installs))) msg += prod + ' ' + installs[prod] + ' and '; msg = substr(msg, 0, strlen(msg)-1-strlen(' and ')); msg += ' installed and thus is not affected.'; exit(0, msg); } }

Oval

accepted

2014-06-30T04:11:19.365-04:00

class

vulnerability

contributors

name Dragos Prisaca
organization Gideon Technologies, Inc.
name Shane Shaffer
organization G2, Inc.
name Josh Turpin
organization Symantec Corporation
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Excel 2002 is installed
oval oval:org.mitre.oval:def:473
comment Microsoft Excel 2003 is installed
oval oval:org.mitre.oval:def:764
comment Microsoft Excel 2007 is installed
oval oval:org.mitre.oval:def:1745
comment Microsoft Excel Viewer 2003 is installed
oval oval:org.mitre.oval:def:439
comment Microsoft Excel Viewer 2007 is installed
oval oval:org.mitre.oval:def:6006
comment Microsoft Office Compatibility Pack is installed
oval oval:org.mitre.oval:def:1853
comment Microsoft Excel 2007 is installed
oval oval:org.mitre.oval:def:1745

description

family

windows

oval:org.mitre.oval:def:6521

status

accepted

submitted

2009-11-10T13:00:00

title

Excel Featheader Record Memory Corruption Vulnerability

version

Packetstorm

data source	https://packetstormsecurity.com/files/download/86295/ms09_067_excel_featheader.rb.txt
id	PACKETSTORM:86295
last seen	2016-12-05
published	2010-02-15
reporter	Sean Larsson
source	https://packetstormsecurity.com/files/86295/Microsoft-Excel-Malformed-FEATHEADER-Record-Vulnerability.html
title	Microsoft Excel Malformed FEATHEADER Record Vulnerability

data source	https://packetstormsecurity.com/files/download/92977/msexcelfeatheader-overflow.txt
id	PACKETSTORM:92977
last seen	2016-12-05
published	2010-08-24
reporter	Abhishek Lyall
source	https://packetstormsecurity.com/files/92977/Microsoft-Excel-Featheader-Buffer-Overflow.html
title	Microsoft Excel Featheader Buffer Overflow

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 36945 CVE ID: CVE-2009-3129 Excel是微软Office套件中的电子表格工具。 Excel在处理Excel BIFF文件格式中的共享功能头（0x867）标签时存在内存破坏漏洞。如果所解析的Excel文件中FEATHEADER记录设置了特制的 cbHdrData大小元素，就可以直接控制所计算出指针的距离。这可能导致以当前登录用户的权限执行任意指令。 Microsoft Excel Viewer SP2 Microsoft Excel Viewer SP1 Microsoft Excel Viewer 2003 SP3 Microsoft Excel 2007 SP2 Microsoft Excel 2007 SP1 Microsoft Excel 2003 SP3 Microsoft Excel 2002 SP3 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac 临时解决方法： * 使用Microsoft Office文件阻断策略以防止打开未知或不可信任来源的Office 2003及更早版本的文档。 * 不要打开或保存从不受信任来源或从受信任来源意外收到的Microsoft Office文件。厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS09-067）以及相应补丁: MS09-067：Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) 链接：http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx?pf=true
id	SSV:12606
last seen	2017-11-19
modified	2009-11-11
published	2009-11-11
reporter	Root
title	Microsoft Excel FEATHEADER记录内存破坏漏洞（MS09-067）

bulletinFamily	exploit
description	No description provided by source.
id	SSV:69643
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-69643
title	MS Excel Malformed FEATHEADER Record Exploit (MS09-067)

The Hacker News

id	THN:B02C7C78600ED331232ABD4D1F8D2C4A
last seen	2017-01-08
modified	2013-10-14
published	2013-01-14
reporter	Pierluigi Paganini
source	http://thehackernews.com/2013/01/operation-red-october-cyber-espionage.html
title	Operation Red October : Cyber Espionage campaign against many Governments

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

Msbulletin

Nessus

Oval

Packetstorm

Seebug

The Hacker News

References