Lucene search
SAINT CorporationSAINT:DE8ACC0367C4E0F127B86666DB8184E0HistoryJan 11, 2007 - 12:00 a.m.
Microsoft Excel PALETTE record buffer overflow
2007-01-1100:00:00
SAINT Corporation
www.saintcorporation.com
15
0.89 High
EPSS
Percentile
98.4%
Added: 01/11/2007
CVE: CVE-2007-0031
BID: 21922
OSVDB: 31258
Background
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.
Problem
A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted BIFF8 spreadsheet with a long PALETTE record.
Resolution
Apply the patch referenced in Microsoft Security Bulletin 07-002.
References
<http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx>
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461>
Limitations
Exploit works on Microsoft Excel 2000 9.0.3821 SR-1.
Exploit requires a user to download the exploit file and open it in Microsoft Excel.
Platforms
Windows
Related
prion
prion
Heap overflow
2007-01-09 23:28:00
saint
saint
Microsoft Excel PALETTE record buffer overflow
2007-01-11 00:00:00
Microsoft Excel PALETTE record buffer overflow
2007-01-11 00:00:00
Microsoft Excel PALETTE record buffer overflow
2007-01-11 00:00:00
cert
cert
Microsoft Excel fails to properly parse malformed Palette records
2007-01-09 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2007-0031
2007-01-09 23:28:00
securityvulns
securityvulns
[Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability
2007-01-09 00:00:00
Multiple Microsoft Excel buffer oveflows
2007-02-01 00:00:00
nessus
nessus