Microsoft Excel Named Graph record buffer overflow

2007-05-24T00:00:00
ID SAINT:3C9DD9608EAC804FAC75F95E40C032F4
Type saint
Reporter SAINT Corporation
Modified 2007-05-24T00:00:00

Description

Added: 05/24/2007
CVE: CVE-2007-0215
BID: 23760
OSVDB: 34393

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted spreadsheet with a long Named Graph record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-023.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-026.html>

Limitations

Exploit works on Microsoft Excel 2000 SP3 and 2002 SP3 and requires a user to open the exploit file.

Platforms

Windows 2000
Windows XP