Microsoft Excel rtAFDesc record invalid pointer access

2008-01-17T00:00:00
ID SAINT:6692581D64325BD109128F6D963F1E67
Type saint
Reporter SAINT Corporation
Modified 2008-01-17T00:00:00

Description

Added: 01/17/2008
CVE: CVE-2008-0081
BID: 27305
OSVDB: 40344

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed rtAFDesc record. This can lead to arbitrary command execution when a user opens a specially crafted file.

Resolution

Refer to Microsoft Security Advisory 947563 and apply a patch when available.

References

<http://www.microsoft.com/technet/security/advisory/947563.mspx>

Limitations

Exploit works on Microsoft Excel 2003 Service Pack 2 with patch KB940602 and requires a user to open the exploit file in Microsoft Excel.

The success of this exploit may depend on the state of the target system at the time the exploit is attempted.

Platforms

Windows 2000
Windows XP SP1
Windows XP SP2