What is the CVSS score of CVE-2009-3129?

CVE-2009-3129 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 91.6%.

Which versions of Microsoft are affected by CVE-2009-3129?

CVE-2009-3129 presents notable security risk, a out-of-bounds write vulnerability rated CVSS 7.8.. A patch is available.

Is there a public PoC exploit available for CVE-2009-3129?

Yes, a public proof-of-concept exploit is available for CVE-2009-3129. Prioritise patching immediately. EPSS: 91.6%.

How to fix or mitigate CVE-2009-3129?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Microsoft CVE-2009-3129

HIGH

Out-of-bounds Write (CWE-787)

2009-11-11 secure@microsoft.com

RCE Buffer Overflow Memory Corruption Microsoft

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:17 vuln.today

Added to CISA KEV

Oct 22, 2025 - 01:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 01:15 vuln.today

Public exploit code

Patch released

Oct 22, 2025 - 01:15 nvd

Patch available

CVE Published

Nov 11, 2009 - 19:30 nvd

HIGH 7.8

DescriptionNVD

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."

AnalysisAI

Microsoft Office Excel 2002 through 2007 and Office for Mac contain a memory corruption vulnerability triggered by a specially crafted spreadsheet with a malformed FEATHEADER record, allowing remote code execution.

Technical ContextAI

The CWE-787 flaw occurs when Excel parses the FEATHEADER record in legacy BIFF format files. A crafted record with incorrect size fields causes a heap-based buffer overflow, enabling arbitrary code execution in the context of the user running Excel.

RemediationAI

Apply Microsoft security update MS09-067. Migrate to current Office versions with Protected View and ASLR mitigations. Block legacy .xls formats at the email gateway.

More from same product – last 7 days

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2026-42901 CRITICAL Monitor

10.0 May 22

Privilege escalation in Microsoft Entra ID enables remote unauthenticated attackers to bypass origin validation and gain

CVE-2009-3129 vulnerability details – vuln.today

Back

Microsoft CVE-2009-3129

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code