Vulnerabilities > CVE-2009-3130 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
CWE-119
critical
nessus

Summary

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Msbulletin

bulletin_idMS09-067
bulletin_url
date2009-11-10T00:00:00
impactRemote Code Execution
knowledgebase_id972652
knowledgebase_url
severityImportant
titleVulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS09-067.NASL
    descriptionThe remote host contains a version of Microsoft Excel, Excel Viewer, 2007 Microsoft Office system, or Microsoft Office Compatibility Pack that is affected by several memory corruption vulnerabilities. An attacker could exploit this by tricking a user into opening a maliciously crafted Excel file, resulting in the execution of arbitrary code subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id42441
    published2009-11-10
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42441
    titleMS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42441);
      script_version("1.31");
      script_cvs_date("Date: 2018/11/15 20:50:30");
    
      script_cve_id(
        "CVE-2009-3127",
        "CVE-2009-3128",
        "CVE-2009-3129",
        "CVE-2009-3130",
        "CVE-2009-3131",
        "CVE-2009-3132",
        "CVE-2009-3133",
        "CVE-2009-3134"
      );
      script_bugtraq_id(36908, 36909, 36911, 36912, 36943, 36944, 36945, 36946);
      script_xref(name:"MSFT", value:"MS09-067");
      script_xref(name:"MSKB", value:"973471");
      script_xref(name:"MSKB", value:"973475");
      script_xref(name:"MSKB", value:"973484");
      script_xref(name:"MSKB", value:"973593");
      script_xref(name:"MSKB", value:"973704");
      script_xref(name:"MSKB", value:"973707");
      script_xref(name:"EDB-ID", value:"14706");
      script_xref(name:"EDB-ID", value:"16625");
    
      script_name(english:"MS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)");
      script_summary(english:"Checks the version of all affected Excel renderers");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "Arbitrary code can be executed on the remote host through opening a
    Microsoft Excel file."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host contains a version of Microsoft Excel, Excel Viewer,
    2007 Microsoft Office system, or Microsoft Office Compatibility Pack
    that is affected by several memory corruption vulnerabilities.  An
    attacker could exploit this by tricking a user into opening a
    maliciously crafted Excel file, resulting in the execution of
    arbitrary code subject to the user's privileges."
      );
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-067");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-09-083/");
      script_set_attribute(
        attribute:"solution",
        value:
    "Microsoft has released a set of patches for Office XP, Office 2003,
    Office 2007, and Office Excel Viewer."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(94, 119);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel_viewer");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_nt_ms02-031.nasl", "office_installed.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, 'Host/patch_management_checks');
    
      exit(0);
    }
    
    
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("misc_func.inc");
    include("audit.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS09-067';
    kbs = make_list("973471", "973475", "973484", "973593", "973704", "973707");
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    
    info = "";
    
    # Excel.
    
    kb = '';
    vuln = 0;
    installs = get_kb_list("SMB/Office/Excel/*/ProductPath");
    if (!isnull(installs))
    {
      foreach install (keys(installs))
      {
        version = install - 'SMB/Office/Excel/' - '/ProductPath';
        path = installs[install];
    
        ver = split(version, sep:'.', keep:FALSE);
        for (i=0; i<max_index(ver); i++)
          ver[i] = int(ver[i]);
    
        # Excel 2007.
        if (
          ver[0] == 12 && ver[1] == 0 &&
          (
            ver[2] < 6514 ||
            (ver[2] == 6514 && ver[3] < 5000)
          )
        )
        {
          office_sp = get_kb_item("SMB/Office/2007/SP");
          if (!isnull(office_sp) && (office_sp == 1 || office_sp == 2))
          {
            vuln++;
            info =
              '\n  Product           : Excel 2007' +
              '\n  File              : ' + path +
              '\n  Installed version : ' + version +
              '\n  Fixed version     : 12.0.6514.5000\n';
            kb = '973593';
            hotfix_add_report(info, bulletin:bulletin, kb:kb);
          }
        }
        # Excel 2003.
        else if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8316)
        {
          office_sp = get_kb_item("SMB/Office/2003/SP");
          if (!isnull(office_sp) && office_sp == 3)
          {
            vuln++;
            info =
              '\n  Product           : Excel 2003' +
              '\n  File              : ' + path +
              '\n  Installed version : ' + version +
              '\n  Fixed version     : 11.0.8316.0\n';
            kb = '973475';
            hotfix_add_report(info, bulletin:bulletin, kb:kb);
          }
        }
        # Excel 2002.
        else if (ver[0] == 10 && ver[1] == 0 && ver[2] < 6856)
        {
          office_sp = get_kb_item("SMB/Office/XP/SP");
          if (!isnull(office_sp) && office_sp == 3)
          {
            vuln++;
            info =
              '\n  Product           : Excel 2002' +
              '\n  File              : ' + path +
              '\n  Installed version : ' + version +
              '\n  Fixed version     : 10.0.6856.0\n';
            kb = '973471';
            hotfix_add_report(info, bulletin:bulletin, kb:kb);
          }
        }
      }
    }
    
    
    # Excel Viewer.
    installs = get_kb_item("SMB/Office/ExcelViewer/*/ProductPath");
    if (!isnull(installs))
    {
      foreach install (keys(installs))
      {
        version = install - 'SMB/Office/ExcelViewer/' - '/ProductPath';
        path = installs[install];
    
        ver = split(version, sep:'.', keep:FALSE);
        for (i=0; i<max_index(ver); i++)
          ver[i] = int(ver[i]);
    
        # Excel Viewer.
        if (
          ver[0] == 12 && ver[1] == 0 &&
          (
            ver[2] < 6514 ||
            (ver[2] == 6514 && ver[3] < 5000)
          )
        )
        {
          vuln++;
          info =
            '\n  Product           : Excel Viewer' +
            '\n  File              : ' + path +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : 12.0.6514.5000\n';
          kb = '973707';
          hotfix_add_report(info, bulletin:bulletin, kb:kb);
        }
        # Excel Viewer 2003.
        else if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8313)
        {
          vuln++;
          info =
            '\n  Product           : Excel 2003' +
            '\n  File              : ' + path +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : 11.0.8313.0\n';
          kb = '973484';
          hotfix_add_report(info, bulletin:bulletin, kb:kb);
        }
      }
    }
    
    
    # 2007 Microsoft Office system and the Microsoft Office Compatibility Pack.
    installs = get_kb_list("SMB/Office/ExcelCnv/*/ProductPath");
    if (!isnull(installs))
    {
      foreach install (keys(installs))
      {
        version = install - 'SMB/Office/ExcelCnv/' - '/ProductPath';
        path = installs[install];
    
        ver = split(version, sep:'.', keep:FALSE);
        for (i=0; i<max_index(ver); i++)
          ver[i] = int(ver[i]);
    
        # 2007 Office system and the Office Compatibility Pack.
        if (
          ver[0] == 12 && ver[1] == 0 &&
          (
            ver[2] < 6514 ||
            (ver[2] == 6514 && ver[3] < 5000)
          )
        )
        {
          info =
            '\n  Product           : 2007 Office system and the Office Compatibility Pack' +
            '\n  File              : ' + path +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : 12.0.6514.5000\n';
          kb = '973704';
          hotfix_add_report(info, bulletin:bulletin, kb:kb);
        }
      }
    }
    if (vuln)
    {
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_hole();
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, 'affected');
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_MS_OFFICE_NOV2009.NASL
    descriptionThe remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Excel or Word file, these issues could be leveraged to execute arbitrary code subject to the user
    last seen2019-10-28
    modified2010-10-20
    plugin id50063
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50063
    titleMS09-067 / MS09-068: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (972652 / 976307) (Mac OS X)
    code
    #TRUSTED 5489dfbca3177efc26893565dd865ef43a08040c1ba1469c8e5df8c9fc33bfc49ebad3cdf886e66812c6998067dd16a0b7dc57629d42489961890d4787a5759fa4169f5644831122206f8f2b79561a42aae3ee4ec960c580a8bbe719799e7e7072a4dc99498842a93edb4ce8408c615904f1f030d6fa0f5a988707c22b1a6fad76222e48da7a4ae3c7125870ad5732073c6120b025e934c15f19a505af987113d7f04fd0d7af1bfd003b27a1019ea5daa4a29ace1cb0c115dbddab4d58d7e21c02bac9ed9b6cd9c186c6782421ce88bb6cbba2b3e418186ca160f2afae5797995636576755789272cdc7e204ce992b09e9cd8531afb0b548e8ce244c78d4830a6b7cc42b27385579d5d36c598bb8080fd088970377730f20696508cd91a6664eac262b5396ec686c1fac0bd8a061d0f864a717f9135f881a124d7d30cc774353a58d019397accae8860c1e844feff130cc1448378823e4ec37089cdcf64bc1435c9b85ff933e24e838c70782a5f4e4ff611498e98f13ed967a055e499d38bae9488d6a1edb5052231a5c1936d26a891d844376b2533a50bb0229ac4df3a0bbb246ba5052c73d6bd9c80f28b7a433c762009c95303f033a8e289e716df2b1729741c74544410ddc41c2bd8f309e14bdb37252fc532a4f5c7411b23a8ff86ab1c8ce17e390507cd1fa7f161bc1fda767c7cc65790b39918205d5b34d56dd76e27a
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50063);
      script_version("1.21");
      script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");
    
      script_cve_id(
        "CVE-2009-3127",
        "CVE-2009-3129",
        "CVE-2009-3130",
        "CVE-2009-3131",
        "CVE-2009-3132",
        "CVE-2009-3133",
        "CVE-2009-3134",
        "CVE-2009-3135"
      );
      script_bugtraq_id(36908, 36909, 36911, 36912, 36943, 36945, 36946, 36950);
      script_xref(name:"MSFT", value:"MS09-067");
      script_xref(name:"MSFT", value:"MS09-068");
      script_xref(name:"MSKB", value:"972652");
      script_xref(name:"MSKB", value:"976307");
      script_xref(name:"MSKB", value:"976828");
      script_xref(name:"MSKB", value:"976830");
      script_xref(name:"MSKB", value:"976831");
    
      script_name(english:"MS09-067 / MS09-068: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (972652 / 976307) (Mac OS X)");
      script_summary(english:"Check version of Microsoft Office");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote Mac OS X host is affected by
    multiple remote code execution vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote Mac OS X host is running a version of Microsoft Office that
    is affected by several vulnerabilities.
    
    If an attacker can trick a user on the affected host into opening a
    specially crafted Excel or Word file, these issues could be leveraged
    to execute arbitrary code subject to the user's privileges.");
      script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-067");
      script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-068");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released a set of patches for Office 2004 for Mac,
    Office 2008 for Mac, and Open XML File Format Converter for Mac.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(94);
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
    script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2008::mac");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:open_xml_file_format_converter:::mac");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    include("misc_func.inc");
    include("ssh_func.inc");
    include("macosx_func.inc");
    
    
    
    if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
      enable_ssh_wrappers();
    else disable_ssh_wrappers();
    
    function exec(cmd)
    {
      local_var buf, ret;
    
      if (islocalhost())
        buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
      else
      {
        ret = ssh_open_connection();
        if (!ret) exit(1, "ssh_open_connection() failed.");
        buf = ssh_cmd(cmd:cmd);
        ssh_close_connection();
      }
      return buf;
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    if (!egrep(pattern:"Darwin.*", string:uname)) exit(1, "The host does not appear to be using the Darwin sub-system.");
    
    
    # Gather version info.
    info = '';
    installs = make_array();
    
    prod = 'Office 2008 for Mac';
    plist = "/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist";
    cmd =  'cat \'' + plist + '\' | ' +
      'grep -A 1 CFBundleShortVersionString | ' +
      'tail -n 1 | ' +
      'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
    version = exec(cmd:cmd);
    if (version && version =~ "^[0-9]+\.")
    {
      version = chomp(version);
      if (version !~ "^12\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'.");
    
      installs[prod] = version;
    
      ver = split(version, sep:'.', keep:FALSE);
      for (i=0; i<max_index(ver); i++)
        ver[i] = int(ver[i]);
    
      fixed_version = '12.2.3';
      fix = split(fixed_version, sep:'.', keep:FALSE);
      for (i=0; i<max_index(fix); i++)
        fix[i] = int(fix[i]);
    
      for (i=0; i<max_index(fix); i++)
        if ((ver[i] < fix[i]))
        {
          info +=
            '\n  Product           : ' + prod +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : ' + fixed_version + '\n';
          break;
        }
        else if (ver[i] > fix[i])
          break;
    }
    
    prod = 'Office 2004 for Mac';
    cmd = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");
    version = exec(cmd:cmd);
    if (version && version =~ "^[0-9]+\.")
    {
      version = chomp(version);
      if (version !~ "^11\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'.");
    
      installs[prod] = version;
    
      ver = split(version, sep:'.', keep:FALSE);
      for (i=0; i<max_index(ver); i++)
        ver[i] = int(ver[i]);
    
      fixed_version = '11.5.6';
      fix = split(fixed_version, sep:'.', keep:FALSE);
      for (i=0; i<max_index(fix); i++)
        fix[i] = int(fix[i]);
    
      for (i=0; i<max_index(fix); i++)
        if ((ver[i] < fix[i]))
        {
          info +=
            '\n  Product           : ' + prod +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : ' + fixed_version + '\n';
          break;
        }
        else if (ver[i] > fix[i])
          break;
    }
    
    prod = 'Open XML File Format Converter for Mac';
    plist = "/Applications/Open XML Converter.app/Contents/Info.plist";
    cmd =  'cat \'' + plist + '\' | ' +
      'grep -A 1 CFBundleShortVersionString | ' +
      'tail -n 1 | ' +
      'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
    version = exec(cmd:cmd);
    if (version && version =~ "^[0-9]+\.")
    {
      version = chomp(version);
      installs[prod] = version;
    
      ver = split(version, sep:'.', keep:FALSE);
      for (i=0; i<max_index(ver); i++)
        ver[i] = int(ver[i]);
    
      fixed_version = '1.1.3';
      fix = split(fixed_version, sep:'.', keep:FALSE);
      for (i=0; i<max_index(fix); i++)
        fix[i] = int(fix[i]);
    
      for (i=0; i<max_index(fix); i++)
        if ((ver[i] < fix[i]))
        {
          info +=
            '\n  Product           : ' + prod +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : ' + fixed_version + '\n';
          break;
        }
        else if (ver[i] > fix[i])
          break;
    }
    
    
    # Report findings.
    if (info)
    {
      gs_opt = get_kb_item("global_settings/report_verbosity");
      if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);
      else security_hole(0);
    
      exit(0);
    }
    else
    {
      if (max_index(keys(installs)) == 0) exit(0, "Office for Mac / Open XML File Format Converter is not installed.");
      else
      {
        msg = 'The host has ';
        foreach prod (sort(keys(installs)))
          msg += prod + ' ' + installs[prod] + ' and ';
        msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));
    
        msg += ' installed and thus is not affected.';
    
        exit(0, msg);
      }
    }
    

Oval

accepted2012-05-28T04:02:02.637-04:00
classvulnerability
contributors
  • nameDragos Prisaca
    organizationGideon Technologies, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentMicrosoft Excel 2002 is installed
ovaloval:org.mitre.oval:def:473
descriptionHeap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
familywindows
idoval:org.mitre.oval:def:6137
statusaccepted
submitted2009-11-10T13:00:00
titleExcel Document Parsing Heap Overflow Vulnerability
version5

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 36946 CVE ID:CVE-2009-3130 Microsoft Excel是一款微软开发的电子表格处理程序。 Microsoft Office Excel存在一个远程代码执行漏洞,如果用户打开一个特殊构建的包含畸形的BIFF记录的Excel文件可允许远程代码执行。 成功利用此漏洞允许完全控制受影响系统,攻击者成功利用此漏洞可以以内核权限安装程序;查看,更改或删除数据等。 Microsoft Open XML File Format Converter for Mac Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Excel 2002 SP3 Microsoft Excel 2002 SP2 Microsoft Excel 2002 SP1 Microsoft Excel 2002 用户可参考如下微软提供的安全补丁: Microsoft Open XML File Format Converter for Mac 0 Microsoft Open XML File Format Converter for Mac 1.1.3 http://www.microsoft.com/downloads/details.aspx?FamilyID=4dd4bc05-1217 -497e-8f65-4347f2544ed6 Microsoft Office 2008 for Mac 0 Microsoft Microsoft Office 2008 for Mac 12.2.3 Update http://www.microsoft.com/downloads/details.aspx?FamilyID=b84fe57d-ddda -451e-9ead-69e10aee7928 Microsoft Excel 2002 SP3 Microsoft Security Update for Microsoft Excel 2002 (KB973471) http://www.microsoft.com/downloads/details.aspx?familyid=5672c8fc-8509 -4962-ad86-ebc0f2575043 Microsoft Office 2004 for Mac 0 Microsoft Microsoft Office 2004 for Mac 11.5.6 Update http://www.microsoft.com/downloads/details.aspx?FamilyID=8f115b1c-1e28 -4ecf-937c-99c4b60c7c8e
idSSV:12615
last seen2017-11-19
modified2009-11-11
published2009-11-11
reporterRoot
titleMicrosoft Excel畸形BIFF记录远程代码执行漏洞(MS09-067)