Common Vulnerabilities and Exposures (CVE) number
CVE-2009-3129 Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."
Just a quick post without any analysis. Have fun.
General File Information
File: Lybia.xls
MD5: 7795F3C874677C8D95D070D7D40725AD
File size: 7e0e69aff159f8bb31c4e5c62228c952d3ae1fd2
Type: XLS
Distribution: Email attachment
Original Message
From: Steve Perry [mailto:steve.e.perry@gmail.com]
Sent: Tuesday, March 29, 2011 3:52 AM
To: XXXXXXXXXXXXXXX
Subject: An Interview Request from a Columbia University Student
Dear Sir,
My name is Steve Perry, and I am a student at the Columbia University Graduate School of Journalism. I was assigned to focus on current conflict in Libya and was demanded to publish it in a variety of news media outlets, which is a demand for graduation.
I learn you from the following links.
XXXXXXXXXXXXXXXXXXXXXXXXX
You are a famous expert on Middle East problems, so I request to interview your. I would be honored if you receive my interview. I have made an excel diagram including questions. I hope that when you are free, you can fill in the diagram and send it back to me. Thanks very much!
Sincerely,
Steve Perry
Message Headers
Gmail :(
Received: (qmail 32598 invoked from network); 29 Mar 2011 07:52:31 -0000
Received: from mail-ww0-f67.google.com (HELO mail-ww0-f67.google.com) (74.125.82.67)
by 29 Mar 2011 07:52:31 -0000
Received: by wwa36 with SMTP id 36so738671wwa.6
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:date:message-id:subject:from:to
:content-type;
bh=9+Kwinch+3AeawaoEuQ3RtWBovUsLb0jm49x9OgIWYo=;
b=SQdWqICrXhvehS3/U1o9etl84hC3Wq9SEcaiVOGJd40mTFWwunPj6aq4LocEmdRjGC
eZCsghb/5uT74cuVjf4yWI4IEhNIxDF4g46aAH2vzDk4u/DKqNmXuH/t4jYYAdsExmhO
G16W3iTR8jYQOeZqIu+XYXosOs/Mpv4VHxq+I=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=JxFV5kH+bjtpaW14GKTeoFxH4s5Pai3QJmQrQnUmP5RcMQmDTXFvzgA7sOOcPxtmlo
0HeKcEAqZqh+MboRce6YsfRrama3ZhVPzqQoqhDovYzWUqkK0TgzaE8LvebZxaYEMP0D
9KUb8Pt1uQEukmWxdtZabPIkKKBTkPNOjNQjw=
MIME-Version: 1.0
Received: by 10.216.68.85 with SMTP id k63mr2841503wed.35.1301385149026; Tue,
29 Mar 2011 00:52:29 -0700 (PDT)
Received: by 10.216.166.84 with HTTP; Tue, 29 Mar 2011 00:52:28 -0700 (PDT)
Date: Tue, 29 Mar 2011 15:52:28 +0800
Message-ID:
Subject: An Interview Request from a Columbia University Student
From: Steve Perry
To: xxxxxxxxxxxxxxxxx
Content-Type: multipart/mixed; boundary="000e0ce0b1ba86156e049f9a5758"
Automated Scans
File name: Libya.xls
http://www.virustotal.com/file-scan/report.html?id=b7949a6ac1f2bdf0010423c77740680e396f6234658b1c7574c576e8e7211c79-1301435181
Submission date: 2011-03-29 21:46:21 (UTC)
ClamAV 0.96.4.0 2011.03.29 BC.XLS.Exploit.CVE_2009_3129
Commtouch 5.2.11.5 2011.03.24 MSExcel/Dropper.B!Camelot
Jiangmin 13.0.900 2011.03.29 Heur:Exploit.CVE-2009-3129
McAfee 5.400.0.1158 2011.03.29 Exploit-MSExcel.u
McAfee-GW-Edition 2010.1C 2011.03.29 Heuristic.BehavesLike.Exploit.X97.CodeExec.FFOD
Microsoft 1.6702 2011.03.29 Exploit:Win32/CVE-2009-3129
Sophos 4.64.0 2011.03.29 Troj/DocDrop-S
TrendMicro 9.200.0.1012 2011.03.29 TROJ_EXLDROP.SM
TrendMicro-HouseCall 9.200.0.1012 2011.03.29 TROJ_EXLDROP.SM
MD5 : 7795f3c874677c8d95d070d7d40725ad