CVE-2009-3129

Confirmed PUBLISHED

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel...

Microsoft · Office Excel
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High

At a Glance

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

cisa metasploit
CVE Published
Nov 11, 2009
Exploitation Reported
Mar 03, 2022
CVSS
7.8 High
EPSS
Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • MS09-067 docs.microsoft.com · Vendor Advisory https://docs.microsoft.com/en-us/security-updates/securitybulletins/2...
  • TA09-314A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA09-314A.html
  • 20091110 Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability labs.idefense.com · Third-Party Advisory http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832
  • 14706 exploit-db.com · Exploit http://www.exploit-db.com/exploits/14706
  • 59860 osvdb.org · VDB Entry http://osvdb.org/59860
Show 5 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.