SAINT Corporation, SAINT:113BD009D4913260F030E3708FF00BEF
History: Dec 01, 2010 - 12:00 a.m.

Microsoft Excel Drawing Exception Handling vulnerability

2010-12-01 00:00:00
SAINT Corporation
my.saintcorporation.com
CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.932 High
Percentile: 99.0%

Added: 12/01/2010
CVE: CVE-2010-3335
BID: 44659
OSVDB: 69087

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A use-after-free vulnerability during exception handling in Microsoft Office allows command execution when a user opens an Excel spreadsheet containing a specially crafted Office Art record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-087.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-246/>

Limitations

Exploit works on Microsoft Excel 2003 SP2 and 2007 SP2 and requires a user to open the exploit file in Microsoft Excel.

Execution of the exploit requires the Compress-Zlib PERL module.

Platforms

Windows
