CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3129

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score35.0450%
EPSS Percentile94.60th
PublishedNov 11, 2009
Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Excel

= 2002
πŸ“¦
Microsoft

Excel

= 2003
πŸ“¦
Microsoft

Excel

= 2007
πŸ“¦
Microsoft

Excel

= 2007
πŸ“¦
Microsoft

Excel Viewer

All versions
πŸ“¦
Microsoft

Excel Viewer

All versions
πŸ“¦
Microsoft

Excel Viewer

= 2003
πŸ“¦
Microsoft

Office

= 2004
πŸ“¦
Microsoft

Office

= 2008
πŸ“¦
Microsoft

Open Xml File Format Converter

All versions

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2009-11/0080.html
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832
πŸ”— http://osvdb.org/59860
πŸ”— http://www.exploit-db.com/exploits/14706
πŸ”— http://www.securityfocus.com/bid/36945
πŸ”— http://www.securitytracker.com/id?1023157
πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-314A.html
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-09-083

Related Vulnerabilities

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2015-098410.0

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/...

CVE-2004-130110.0

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code v...

CVE-2019-112329.8

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sendin...