Microsoft Excel Substream Parsing Integer Overflow

2011-11-08T00:00:00
ID SAINT:7B206168EE040415028D1ACACF7854DD
Type saint
Reporter SAINT Corporation
Modified 2011-11-08T00:00:00

Description

Added: 11/08/2011
CVE: CVE-2011-0097
OSVDB: 71758

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

Microsoft Excel 2007 versions lacking the patch (KB2464583) detailed in Microsoft Security Advisory MS11-021 contain an integer overflow vulnerability when parsing data included in a **400h** substream. An attacker who entices a user to open a specially formatted Excel document may be able to execute arbitrary code on the user's system.

Resolution

Apply the patch outlined in Microsoft Security Advisory MS11-021.

References

<http://technet.microsoft.com/en-us/security/bulletin/MS11-021>
<http://secunia.com/advisories/39122/>

Limitations

Exploit works on Microsoft Excel 2007 SP2.

This exploit requires the Compress-Zlib PERL module, which is available from cpan.org.

Platforms

Windows XP
Windows 7