Tuesday, March 29, 2011

Mar 29 CVE-2009-3129 XLS An Interview Request from a Columbia University Student

Common Vulnerabilities and Exposures (CVE)number

CVE-2009-3129 Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."


Just a quick post without any analysis. Have fun.

  General File Information

File  Lybia.xls
MD5   7795F3C874677C8D95D070D7D40725AD
File size : 7e0e69aff159f8bb31c4e5c62228c952d3ae1fd2
Type:  XLS
Distribution: Email attachment


Original Message

From: Steve Perry []
Sent: Tuesday, March 29, 2011 3:52 AM
Subject: An Interview Request from a Columbia University Student

Dear Sir,

My name is Steve Perry, and I am a student at the Columbia University Graduate School of Journalism.I was assigned to focus on current conflict in Libya and was demanded to publish it in a variety of news media outlets, which is a demand for graduation.

I learn you from the following links.

You are a famous expert on Middle East problems, so I request to interview your. I would be honored if you receive my interview. I have made an excel diagram including questions. I hope that when you are free, you can fill in the diagram and send it back to me. Thanks very much!

Steve Perry

Message Headers

Gmail :(

Received: (qmail 32598 invoked from network); 29 Mar 2011 07:52:31 -0000
Received: from (HELO (
  by           29 Mar 2011 07:52:31 -0000
Received: by wwa36 with SMTP id 36so738671wwa.6
        for ; Tue, 29 Mar 2011 00:52:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma;
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma;
MIME-Version: 1.0
Received: by with SMTP id k63mr2841503wed.35.1301385149026; Tue,
 29 Mar 2011 00:52:29 -0700 (PDT)
Received: by with HTTP; Tue, 29 Mar 2011 00:52:28 -0700 (PDT)
Date: Tue, 29 Mar 2011 15:52:28 +0800
Subject: An Interview Request from a Columbia University Student
From: Steve Perry
To: xxxxxxxxxxxxxxxxx
Content-Type: multipart/mixed; boundary="000e0ce0b1ba86156e049f9a5758"

Automated Scans

File name:Libya.xls
Submission date:2011-03-29 21:46:21 (UTC)
ClamAV     2011.03.29     BC.XLS.Exploit.CVE_2009_3129
Commtouch     2011.03.24     MSExcel/Dropper.B!Camelot
Jiangmin     13.0.900     2011.03.29     Heur:Exploit.CVE-2009-3129
McAfee     5.400.0.1158     2011.03.29     Exploit-MSExcel.u
McAfee-GW-Edition     2010.1C     2011.03.29     Heuristic.BehavesLike.Exploit.X97.CodeExec.FFOD
Microsoft     1.6702     2011.03.29     Exploit:Win32/CVE-2009-3129
Sophos     4.64.0     2011.03.29     Troj/DocDrop-S
TrendMicro     2011.03.29     TROJ_EXLDROP.SM
TrendMicro-HouseCall     2011.03.29     TROJ_EXLDROP.SM
MD5   : 7795f3c874677c8d95d070d7d40725ad


No comments:

Post a Comment