Microsoft Excel SST record code execution

2009-04-23T00:00:00
ID SAINT:2E09A3921D6DE8DCBF60E386A5490C8C
Type saint
Reporter SAINT Corporation
Modified 2009-04-23T00:00:00

Description

Added: 04/23/2009
CVE: CVE-2009-0238
BID: 33870
OSVDB: 52695

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A vulnerability in Microsoft Excel allows command execution when a user opens a spreadsheet containing a specially crafted SST record with an odd byte count in the ExtRst structure.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-009.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx>

Limitations

Exploit works on Microsoft Excel 2007 SP1 and requires a user to open the exploit file in Microsoft Excel.

Platforms

Windows XP