Microsoft Excel BIFF format Qsir record memory corruption

2009-09-11T00:00:00
ID SAINT:60A8384B9679D2BFBD5848109FCA9809
Type saint
Reporter SAINT Corporation
Modified 2009-09-11T00:00:00

Description

Added: 09/11/2009
CVE: CVE-2009-1134
BID: 35246
OSVDB: 54958

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A memory corruption vulnerability allows command execution when a user closes a spreadsheet file containing a specially crafted Qsir record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-021.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-040/>

Limitations

Exploit works on Microsoft Excel 2007 SP1 and requires a user to open and then close the exploit file in Microsoft Excel.

There may be a delay before the exploit succeeds after the file is closed.

This exploit requires the IO::Uncompress and Compress::Zlib PERL modules.

Platforms

Windows XP