what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2009-3129

Status Candidate

Overview

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

Related Files

Microsoft Excel Featheader Buffer Overflow
Posted Aug 24, 2010
Authored by Abhishek Lyall

Microsoft Excel Featheader buffer overflow exploit that leverages the vulnerability noted in MS09-067.

tags | exploit, overflow
advisories | CVE-2009-3129
SHA-256 | d8819693a6d8e59e92d65180638700bc847187637b8b54ba49a9da9ce54a19ff
Microsoft Excel Malformed FEATHEADER Record Vulnerability
Posted Feb 15, 2010
Authored by Sean Larsson, jduck | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of the FEATHEADER record by Microsoft Excel. Revisions of Office XP and later prior to the release of the MS09-067 bulletin are vulnerable. When processing a FEATHEADER (Shared Feature) record, Microsoft used a data structure from the file to calculate a pointer offset without doing proper validation. Attacker supplied data is then used to calculate the location of an object, and in turn a virtual function call. This results in arbitrary code exection. NOTE: On some versions of Office, the user will need to dismiss a warning dialog prior to the payload executing.

tags | exploit, arbitrary
advisories | CVE-2009-3129
SHA-256 | 9b3639959e436c2af63dd333ef3f91333a796f538dda29fc89a0fd315c002e96
iDEFENSE Security Advisory 2009-11-10.2
Posted Nov 17, 2009
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 11.10.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a FEATHEADER record within an Excel file. This record is used to store information common to multiple other records, and was introduced with Excel 2002 (XP). When certain fields of this record are set to a trigger value, it is possible to corrupt memory in such a way that the next 4 bytes in the record are treated as an object pointer. This pointer is then used to make a virtual function call, which results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Excel versions 2007, 2003, and XP. The record that causes the vulnerability is not supported by Excel 2000, so it is not affected by this vulnerability.

tags | advisory, remote, arbitrary
advisories | CVE-2009-3129
SHA-256 | 5f80963ddf2ce93ca1f29af19a4ef71104925c85a3890129ab19e9b97edbffb6
Zero Day Initiative Advisory 09-083
Posted Nov 17, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious spreadsheet. The specific flaw exists in the handling of Shared Feature Header (0x867) tags in an Excel BIFF file format. When processing the cbHdrData size element of the FEATHEADER it is possible to directly control the distance of a calculated pointer. This condition can be leveraged successfully to execute arbitrary code under the context of the currently logged in user.

tags | advisory, remote, arbitrary
advisories | CVE-2009-3129
SHA-256 | d548095b72374db0546e590ef01b4c3b681d0d5725433ed78d66dbb44ae398ab
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close