Executive Risk Summary
"The Excel Featheader Record Memory Corruption Vulnerability allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element. This vulnerability affects various versions of Microsoft Office Excel, including 2002, 2003, and 2007, as well as Office 2004 and 2008 for Mac."
Anticipated Attack Path
- 1. Initial Exploitation: An attacker sends a malicious Excel file to a victim
- 2. Exploitation: The victim opens the malicious Excel file, triggering the vulnerability
- 3. Post-Exploitation: The attacker gains control of the victim's system
Am I Vulnerable?
- Verify that all versions of Microsoft Office Excel are up-to-date with the latest security patches
- Implement a policy to only open Excel files from trusted sources
- Use a vulnerability scanner to identify and remediate vulnerable systems
Operational Audit Arsenal
Target Type Process
Target Asset EXCEL.EXE
Standard Path C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: EXCEL.EXE (Process)
$Targets = 'EXCEL.EXE'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Likely
Minimal, but may require restarting Microsoft Office Excel
Internal Work Notes
Apply MS09-067 patch to vulnerable Microsoft Office Excel installations to prevent arbitrary code execution
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttp://archives.neohapsis.com/archives/bugtraq/2009-11/0080.html
Official Advisoryhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832
Official Advisoryhttp://osvdb.org/59860
Official Advisoryhttp://www.exploit-db.com/exploits/14706
Official Advisoryhttp://www.securityfocus.com/bid/36945
Official Advisoryhttp://www.securitytracker.com/id?1023157
Official Advisoryhttp://www.us-cert.gov/cas/techalerts/TA09-314A.html
Official Advisoryhttp://www.zerodayinitiative.com/advisories/ZDI-09-083
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067
Official Advisoryhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6521
Official Advisoryhttp://archives.neohapsis.com/archives/bugtraq/2009-11/0080.html
Official Advisoryhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832
Official Advisoryhttp://osvdb.org/59860
Official Advisoryhttp://www.exploit-db.com/exploits/14706
Official Advisoryhttp://www.securityfocus.com/bid/36945
Official Advisoryhttp://www.securitytracker.com/id?1023157
Official Advisoryhttp://www.us-cert.gov/cas/techalerts/TA09-314A.html
Official Advisoryhttp://www.zerodayinitiative.com/advisories/ZDI-09-083
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067
Official Advisoryhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6521
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3129
Related Microsoft Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.