Microsoft Excel URL unicode buffer overflow

2006-06-21T00:00:00
ID SAINT:BD409D18889D0785664D18B344B80112
Type saint
Reporter SAINT Corporation
Modified 2006-06-21T00:00:00

Description

Added: 06/21/2006
CVE: CVE-2006-3086
BID: 18500
OSVDB: 26666

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow in Excel when processing long URL strings allows command execution when a user clicks on a specially crafted link within a spreadsheet.

Resolution

Do not open Excel files from untrusted sources.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0391.html>

Limitations

Exploit works on Microsoft Excel 2002. In order for exploitation to occur, a user must download and open the exploit file and click on the Click Here link. Note that on Windows XP, a pop-up window comes up after the click, and the user must click on either button to trigger the exploit.

Platforms

Windows 2000
Windows XP