Microsoft Excel Malformed Record Memory Access Code Execution

2007-01-09T05:48:48
ID OSVDB:31249
Type osvdb
Reporter Jie Ma
Modified 2007-01-09T05:48:48

Description

Vulnerability Description

A memory corruption flaw exists in Excel. The program fails to validate the contents of XLS files, resulting in memory corruption. With a specially crafted file containing an unspecified malformed record, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor URL: http://www.microsoft.com
US-CERT Cyber Security Alert: TA07-009A
Security Tracker: 1017485
Secunia Advisory ID: 23676
Related OSVDB ID: 31257
Related OSVDB ID: 31255
Related OSVDB ID: 31258
Related OSVDB ID: 31256
Other Advisory URL: http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html
News Article: http://www.securitypronews.com/insiderreports/insider/spn-49-20070109StrangeExcelAdvisoryAppearsOnline.html
Microsoft Security Bulletin: MS07-002
Microsoft Knowledge Base Article: 927198
Mail List Post: http://attrition.org/pipermail/vim/2007-March/001414.html
Keyword: FGA-2007-01
FrSIRT Advisory: ADV-2007-0103
CVE-2006-3432
CVE-2007-0028
CERT VU: 493185
Bugtraq ID: 21952