Microsoft Office Excel Featheader Record Memory Corruption
TSL ID: TSL20091110-07
CVE ID(s): CVE-2009-3129
Severity: High

Microsoft Office Excel contains a code execution vulnerability in its parsing of specially crafted Excel documents. Excel mishandles files that include a malformed record object, which allows memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged-on user.

In an attack scenario where arbitrary code is injected and executed on the target machine, the behaviour of the target depends on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

The vendor, Microsoft, has published a bulletin to address this vulnerability:

Affected Products
  • Microsoft Office 2003
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2007
  • Microsoft Office 2008 for Mac
  • Microsoft Office Open XML File Format Converter for Mac
  • Microsoft Office XP
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  • Microsoft Office Excel Viewer 2003
  • Microsoft Office Excel Viewer
CVSS Score
Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Microsoft Security Bulletin
Related Threats
  • TSL20130114-08 - Backdoor.Win32.Rocra.A
  • TSL20110908-01 - Trojan.Win32.Sofacy.A