Microsoft Excel formula parsing integer overflow

2008-10-24T00:00:00
ID SAINT:866EDAF0506EEEA22CA6D3E2C355B3E0
Type saint
Reporter SAINT Corporation
Modified 2008-10-24T00:00:00

Description

Added: 10/24/2008
CVE: CVE-2008-4019
BID: 31706
OSVDB: 49078

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

An integer overflow in the REPT function allows command execution when a user loads an Excel file containing a specially crafted formula within a cell.

Resolution

Install the patch referenced in Microsoft Security Bulletin 08-057.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-057.mspx>

Limitations

Exploit works on Microsoft Excel 2003 SP3 and requires a user to open the exploit file.

There may be a delay before the connection is established after the user opens the file.

Platforms

Windows