Sébastien MorinEDB-ID:39694Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.689 Medium
EPSS
Percentile
98.0%
#######################################################################################
# Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution
# Application: Microsoft Office Excel
# Affected Products: Microsoft Office Excel 2007,2010,2013,2016
# Software Link: https://products.office.com/en-ca/excel
# Date: April 12, 2016
# CVE: CVE-2016-0122 (MS16-042)
# Author: Sébastien Morin from COSIG
# Contact: https://twitter.com/COSIG_ (@COSIG_)
# Personal contact: https://smsecurity.net/; https://twitter.com/SebMorin1 (@SebMorin1)
#######################################################################################
===================
Introduction:
===================
Microsoft Excel is a spreadsheet developed by Microsoft for Windows, Mac OS X, and iOS. It features calculation, graphing tools, pivot tables, and a macro programming language called Visual Basic for Applications. It has been a very widely applied spreadsheet for these platforms, especially since version 5 in 1993, and it has replaced Lotus 1-2-3 as the industry standard for spreadsheets. Excel forms part of Microsoft Office.
(https://en.wikipedia.org/wiki/Microsoft_Excel)
#######################################################################################
===================
Report Timeline:
===================
2016-02-06: Sébastien Morin from COSIG report the vulnerability to MSRC.
2016-02-16: MSRC confirm the vulnerability.
2016-04-12: Microsoft fixed the issue (MS16-042).
2016-04-13: Advisory released.
#######################################################################################
===================
Technical details:
===================
This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file (.xlsm). An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
#######################################################################################
==========
POC:
==========
https://smsecurity.net/wp-content/uploads/2016/04/Microsoft_Office_Excel_Out-of-Bounds_Read_RCE.xlsm
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39694.zip
#######################################################################################Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.689 Medium
EPSS
Percentile
98.0%