Microsoft Office Excel Malformed Record Arbitrary Code Execution

2006-03-14T14:32:39
ID OSVDB:23902
Type osvdb
Reporter Eyas(security@xfocus.org)
Modified 2006-03-14T14:32:39

Description

Vulnerability Description

A remote overflow exists in Excel. The product fails to check the length of a buffer of a record resulting in a stack overflow. With a specially crafted .xls file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Excel. The product fails to check the length of a buffer of a record resulting in a stack overflow. With a specially crafted .xls file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1015766 Secunia Advisory ID:19138 Related OSVDB ID: 23899 Related OSVDB ID: 23900 Related OSVDB ID: 23903 Related OSVDB ID: 23898 Related OSVDB ID: 23901 Microsoft Security Bulletin: MS06-012 Microsoft Knowledge Base Article: 905413 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1521.html Keyword: xfocus-SD-060314 CVE-2006-0031