Lucene search

SAINT CorporationSAINT:29F95DA39F8818100E7B18B669A29CDD

HistoryJan 11, 2007 - 12:00 a.m.

Microsoft Excel PALETTE record buffer overflow

2007-01-1100:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.89 High

EPSS

Percentile

98.4%

JSON

Added: 01/11/2007
CVE: CVE-2007-0031
BID: 21922
OSVDB: 31258

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted BIFF8 spreadsheet with a long PALETTE record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-002.

References

<http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx>
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461>

Limitations

Exploit works on Microsoft Excel 2000 9.0.3821 SR-1.

Exploit requires a user to download the exploit file and open it in Microsoft Excel.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.89 High

EPSS

Percentile

98.4%

JSON

Related for SAINT:29F95DA39F8818100E7B18B669A29CDD