Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:9FE5BADD591303BF6A71576E2F257E4E
HistoryOct 20, 2010 - 12:00 a.m.

Microsoft Office Excel RTD Topic String Buffer Overflow

2010-10-2000:00:00
SAINT Corporation
download.saintcorporation.com
15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.919 High

EPSS

Percentile

98.9%

JSON

Added: 10/20/2010
CVE: CVE-2010-1246
BID: 40524
OSVDB: 65238

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

Microsoft Office Excel 2002 is vulnerable to a buffer overflow when parsing Real Time Data (RTD) Future Record Types (FRT) records (record type 0x813) with a malformed Topic string (rgchTopic) in an Excel file.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-038.

References

<http://secunia.com/advisories/37500/&gt;

Limitations

Exploit works on Microsoft Excel 2002 SP3 and requires the user to open the exploit file in Excel.

It may take some time to establish the shell session as the exploit needs to search the shellcode in memory.

Platforms

Windows

Related

saint 3
cve 1
seebug 1
prion 1
packetstorm 1
securityvulns 3
checkpoint_advisories 2
exploitpack 1
exploitdb 1
openvas 2
nessus 1
saint
saint
Microsoft Office Excel RTD Topic String Buffer Overflow
2010-10-20 00:00:00
Microsoft Office Excel RTD Topic String Buffer Overflow
2010-10-20 00:00:00
Microsoft Office Excel RTD Topic String Buffer Overflow
2010-10-20 00:00:00
cve
cve
CVE-2010-1246
2010-06-08 20:30:00
seebug
seebug
Excel RTD - Memory Corruption
2014-07-01 00:00:00
prion
prion
Stack overflow
2010-06-08 20:30:00
packetstorm
packetstorm
Month Of Abysssec Undisclosed Bugs - Excel RTD Memory Corruption
2010-09-11 00:00:00
securityvulns
securityvulns
VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow Vulnerability &#40;CVE-2010-1246&#41;
2010-06-09 00:00:00
Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution &#40;2027452&#41;
2010-06-09 00:00:00
Microsoft Office multiple security vulnerabilities
2010-06-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel RealTimeData Record Stack Overflow (MS10-038; CVE-2010-1246)
2010-06-08 00:00:00
Microsoft Excel RealTimeData Record Stack Buffer Overflow - Ver2 (CVE-2010-1246)
2014-04-16 00:00:00
exploitpack
exploitpack
Excel RTD - Memory Corruption
2010-09-10 00:00:00
exploitdb
exploitdb
Excel RTD - Memory Corruption
2010-09-10 00:00:00
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00
nessus
nessus
MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
2010-06-09 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.919 High

EPSS

Percentile

98.9%

JSON
Related for SAINT:9FE5BADD591303BF6A71576E2F257E4E
saint3cve1seebug1prion1packetstorm1securityvulns3checkpoint_advisories2exploitpack1exploitdb1openvas2nessus1