Cyber Resilience

CVE-2009-3129

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 11 November 2009

Published
11 November 2009
Modified
21 April 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.9124 99.7th percentile
Risk Priority 90 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2009-3129 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Excel. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2, along with Office 2004 and 2008 for Mac, the Open XML File Format Converter for Mac, Office Excel Viewer 2003 SP3, Office Excel Viewer SP1 and SP2, and the Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, contain a memory corruption vulnerability. The flaw, identified as CVE-2009-3129 and mapped to CWE-787, occurs when processing a spreadsheet containing a FEATHEADER record that supplies an invalid cbHdrData size element, resulting in an invalid pointer offset.

An attacker can supply a specially crafted spreadsheet file that, when opened by a user in any of the affected applications, triggers arbitrary code execution. The attack vector is local with no privileges required but depends on user interaction to open the document, producing a CVSS 3.1 score of 7.8 with high impact on confidentiality, integrity, and availability.

Public references list multiple exploit proofs-of-concept, including code published on Exploit-DB, confirming that working attack samples have been available since disclosure.

EU & UK References

Vulnerability details

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack…

more

for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
excel
2002, 2003, 2007
microsoft
excel viewer
2003, all versions
microsoft
office
2004, 2008
microsoft
open xml file format converter
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of FEATHEADER record fields (cbHdrData size) before pointer arithmetic, blocking the malformed input that triggers memory corruption.

prevent

Requires timely application of vendor patches that correct the invalid pointer-offset handling in Excel's FEATHEADER parser.

prevent

Applies OS- or application-level memory protections (ASLR, DEP) that raise the bar for successful code execution even if the record-parsing flaw is triggered.

References