Excel Featheader Record Memory Corruption Vulnerability

  Severity: CRITICAL
  CVE Identifier: CVE-2009-3129
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1003817
  Trend Micro Deep Security DPI Rule Name: 1003817 - Excel Featheader Record Memory Corruption Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Open XML File Format Converter
  • Microsoft Office 2008
  • Microsoft Office 2004
  • Microsoft Excel Viewer 2003
  • Microsoft Excel Viewer
  • Microsoft Excel 2007
  • Microsoft Excel 2003
  • Microsoft Excel 2002
  • Microsoft Compatibility Pack Word Excel Powerpoint 2007

Featured Stories