CVE-2009-3129 Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."
Download 61A29B7D8A6C3A03A884F2F64BE5CA21 ATT42396.zip as a password protected archive (contact me if you need the password). I have more samples of this CVE, different MD5. Email me if needed.
Details 61A29B7D8A6C3A03A884F2F64BE5CA21 ATT42396.xls
From: 陳志良 [mailto:taup@msa.hinet.net]
Sent: Thursday, May 13, 2010 10:13 PM
To: XXXX
Subject: FW:三軍總醫院健康檢查中心提供健康食譜.xls
很不錯的健康食譜,多多宣傳,讓更多的臺灣民眾可以健康飲食
From: Zhi-Liang Chen [mailto:taup@msa.hinet.net]
Sent: Thursday, May 13, 2010 10:13 PM
To: XXXX
Subject: FW: Tri-Service General Hospital Health Examination Center provides health recipes.xls
Very good healthy recipes; please spread the word so that more people in Taiwan can eat healthily
http://www.virustotal.com/analisis/26cf5790e8b3808bb6e509fa239de93baf719ab379311c6d0d16795f25a218b6-1274269409
Result: 6/41 (14.64%)
Authentium 5.2.0.5 2010.05.19 MSExcel/Dropper.B!Camelot
Jiangmin 13.0.900 2010.05.19 Heur:Exploit.CVE-2009-3129
PCTools 7.0.3.5 2010.05.19 HeurEngine.MaliciousExploit
Symantec 20101.1.0.89 2010.05.19 Bloodhound.Exploit.306
TrendMicro 9.120.0.1004 2010.05.19 TROJ_EXELDROP.A
TrendMicro-HouseCall 9.120.0.1004 2010.05.19 TROJ_EXELDROP.A
Additional information
File size: 64512 bytes
MD5...: 61a29b7d8a6c3a03a884f2f64be5ca21
header info
Received: from msr6.hinet.net (HELO msr6.hinet.net) (168.95.4.106)
by XXXXXXXXXXXX with SMTP; 14 May 2010 02:13:35 -0000
Received: from IBM-62979760B13 (203-69-74-246.HINET-IP.hinet.net [203.69.74.246])
by msr6.hinet.net (8.9.3/8.9.3) with ESMTP id KAA15594
for XXXXX; Fri, 14 May 2010 10:13:29 +0800 (CST)
Reply-To: taup@msa.hinet.net
Hostname: 203-69-74-246.hinet-ip.hinet.net
ISP: CHTD, Chunghwa Telecom Co., Ltd.
Organization: Yamma Digital Technology Co., Ltd.
State/Region: T'ai-pei

