Microsoft Excel PALETTE record buffer overflow

2007-01-11T00:00:00
ID SAINT:CA5563CE197E889A56749AC5E656B1B2
Type saint
Reporter SAINT Corporation
Modified 2007-01-11T00:00:00

Description

Added: 01/11/2007
CVE: CVE-2007-0031
BID: 21922
OSVDB: 31258

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted BIFF8 spreadsheet with a long PALETTE record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-002.

References

<http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx>
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461>

Limitations

Exploit works on Microsoft Excel 2000 9.0.3821 SR-1.

Exploit requires a user to download the exploit file and open it in Microsoft Excel.

Platforms

Windows