Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-3130 | First vendor Publication | 2009-11-11 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3130 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6137 | |||
| Oval ID: | oval:org.mitre.oval:def:6137 | ||
| Title: | Excel Document Parsing Heap Overflow Vulnerability | ||
| Description: | Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3130 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2002 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 4 | |
| Application | 3 | |
| Application | 2 | |
| Application | 1 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-09-25 | Microsoft Excel Malformed FEATHEADER Record Vulnerability |
| 2010-08-21 | MS Excel Malformed FEATHEADER Record Exploit (MS09-067) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-11 | Name : Microsoft Office Excel Multiple Vulnerabilities (972652) File : nvt/secpod_ms09-067.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 59861 | Microsoft Office Excel BIFF Record Parsing Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-12-03 | Microsoft Office Excel row record buffer overflow attempt RuleID : 52066 - Revision : 1 - Type : FILE-OFFICE |
| 2019-12-03 | Microsoft Office Excel row record buffer overflow attempt RuleID : 52065 - Revision : 1 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Excel SXDB record memory corruption attempt RuleID : 31436 - Revision : 2 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Excel SXDB record memory corruption attempt RuleID : 31435 - Revision : 2 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel file SxView record exploit attempt RuleID : 23543 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel integer field in row record improper validation remote... RuleID : 23542 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel ptg index parsing code execution attempt RuleID : 16553 - Revision : 11 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel FeatHdr BIFF record remote code execution attempt RuleID : 16241 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel file Window/Pane record exploit attempt RuleID : 16240 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel file SxView record exploit attempt RuleID : 16236 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel file SXDB record exploit attempt RuleID : 16235 - Revision : 13 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow att... RuleID : 16233 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Excel oversized ib memory corruption attempt RuleID : 16230 - Revision : 9 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel oversized ib memory corruption attempt RuleID : 16229 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel malformed StartObject record arbitrary code execution ... RuleID : 16228 - Revision : 9 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel integer field in row record improper validation remote... RuleID : 16226 - Revision : 11 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_nov2009.nasl - Type : ACT_GATHER_INFO |
| 2009-11-10 | Name : Arbitrary code can be executed on the remote host through opening a Microsoft... File : smb_nt_ms09-067.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:09:58 |
|
| 2024-11-28 12:19:48 |
|
| 2021-05-04 12:10:11 |
|
| 2021-04-22 01:10:35 |
|
| 2020-05-23 00:24:18 |
|
| 2018-10-13 00:22:51 |
|
| 2017-09-19 09:23:23 |
|
| 2016-04-26 19:05:54 |
|
| 2014-02-17 10:51:35 |
|
| 2014-01-19 21:26:11 |
|
| 2013-05-10 23:57:08 |
|
