CVE-2009-3129: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability Analysis

From this webpage screenshot, the following key information about the vulnerability can be obtained: Vulnerability Name: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability Vulnerability IDs: - ZDI-09-083 - ZDI-CAN-587 - CVE-2009-3129 CVSS Score: Not provided numerically, but exists. Affected Vendor: Microsoft Affected Product: Office Excel Vulnerability Details: - The vulnerability allows remote attackers to execute arbitrary code on vulnerable Microsoft Office Excel installations. User interaction is required; attackers must trick the target into opening a malicious spreadsheet. - The specific flaw lies in the handling of the Shared Feature Header (0x867) tag in the Excel BIFF file format. During processing of the FEATHEADER's cbHdrData size element, the calculation of pointer offsets can be directly controlled. This condition can be successfully exploited to execute arbitrary code in the context of the currently logged-in user. Additional Details: Microsoft has released an update to fix this vulnerability. More details can be found in Microsoft Security Bulletin MS09-067. Disclosure Timeline: - 2009-10-20: Vulnerability reported to vendor - 2009-11-10: Coordinated public advisory released Acknowledgments: Anonymous TREND MICRO Customer Protection: Trend Micro TippingPoint IPS customers are protected against this vulnerability via Digital Vaccine filter ID ['9231']. More information is available on the TippingPoint IPS website.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2009-3129: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability Analysis