CVE-2009-3129

CVE	CVE-2009-3129
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-11-11 19:30:00 UTC
Updated	2018-10-12 21:52:00 UTC
Description	Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

EPSS: 0.916480000 probability, percentile 0.996750000 (date 2026-04-02)

CISA KEV: Listed on 2022-03-03; due 2022-03-24; ransomware use Unknown

Problem Types: CWE-94

Vendor	Microsoft
Product	Excel
Name	Microsoft Excel Featheader Record Memory Corruption Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2009-3129

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Compatibility Pack Word Excel Powerpoint	2007	sp1	All	All
Application	Microsoft	Compatibility Pack Word Excel Powerpoint	2007	sp2	All	All
Application	Microsoft	Compatibility Pack Word Excel Powerpoint	2007	sp1	All	All
Application	Microsoft	Compatibility Pack Word Excel Powerpoint	2007	sp2	All	All
Application	Microsoft	Excel	2002	sp3	All	All
Application	Microsoft	Excel	2003	sp3	All	All
Application	Microsoft	Excel	2007	sp1	All	All
Application	Microsoft	Excel	2007	sp2	All	All
Application	Microsoft	Excel	2002	sp3	All	All
Application	Microsoft	Excel	2003	sp3	All	All
Application	Microsoft	Excel	2007	sp1	All	All
Application	Microsoft	Excel	2007	sp2	All	All
Application	Microsoft	Excel Viewer	All	sp1	All	All
Application	Microsoft	Excel Viewer	All	sp2	All	All
Application	Microsoft	Excel Viewer	2003	sp3	All	All
Application	Microsoft	Excel Viewer	All	sp1	All	All
Application	Microsoft	Excel Viewer	All	sp2	All	All
Application	Microsoft	Excel Viewer	2003	sp3	All	All
Application	Microsoft	Office	2004	All	mac	All
Application	Microsoft	Office	2008	All	mac	All
Application	Microsoft	Office	2004	All	mac	All
Application	Microsoft	Office	2008	All	mac	All
Application	Microsoft	Open Xml File Format Converter	All	All	mac	All
Application	Microsoft	Open Xml File Format Converter	All	All	mac	All

Reference	Source	Link	Tags
Repository / Oval Repository	OVAL	oval.cisecurity.org
Microsoft Security Bulletin MS09-067 - Important \| Microsoft Docs	MS	docs.microsoft.com
20091110 ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability	BUGTRAQ	archives.neohapsis.com
MS Excel Malformed FEATHEADER Record Exploit (MS09-067)	EXPLOIT-DB	www.exploit-db.com	Exploit
59860	OSVDB	osvdb.org
Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability	BID	www.securityfocus.com
US-CERT Technical Cyber Security Alert TA09-314A -- Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
Zero Day Initiative	MISC	www.zerodayinitiative.com
Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com
Public Advisory: 11.10.09 // iDefense Labs	IDEFENSE	labs.idefense.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.