Microsoft Excel数据验证记录堆内存破坏漏洞(MS08-014)

BUGTRAQ ID: 28094 CVECAN ID: CVE-2008-0111 Excel是微软Office办公软件家族中的电子表格工具。 Excel在处理BIFF8格式电子表格文件中的DVAL记录时存在漏洞，如果将该记录的某些字段设置为无效值的话，则用户打开该文件时就会触发堆内存破坏或导致执行任意指令。 Microsoft Excel Viewer 2003 Microsoft Excel 2007 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3 Microsoft Office...

[Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability

iDefense Security Advisory 03.11.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 11, 2008 I. BACKGROUND Microsoft Excel is the spreadsheet application that is included with Microsoft Corp's Office productivity software suite. More information is available at the following website...

Microsoft Excel Filter记录远程代码执行漏洞（MS07-023）

Microsoft Excel是Office套件中的电子表格工具。 Excel在处理Excel BIFF8格式电子表格文件中的AutoFilter记录时存在输入验证错误，如果用户受骗打开了包含有畸形过滤记录的特制文档的话，就可能导致无效的内存访问，在用户系统上执行任意代码。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3 Microsoft Office 2004 for Mac 临时解决方法： 不要打开不可信任来源的Excel文档...

Memory corruption

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption...

Multiple Microsoft Excel buffer oveflows

Heap buffer overflow on oversized value of BIFF8 type column. Heap buffer overflow on oversized palette value for BIFF8 type column...

Microsoft Excel畸形调色板记录堆溢出漏洞（MS07-002）

Microsoft Excel是微软Office套件中的电子表格工具。 Excel在处理BIFF8格式电子表格文件中畸形的PALETTE记录时存在堆溢出漏洞，远程攻击者可能利用此漏洞远程控制用户机器。 在Excel文档中如果攻击者为PALETTE记录指定了过多条目的话，就会触发这个漏洞，攻击者通过诱骗用户打开此恶意文档导致在用户机器上执行任意指令。 Microsoft Excel v.X for Mac Microsoft Excel 2004 for Mac Microsoft Excel 2003 Microsoft Excel 2002 Microsoft Excel 2000...

Microsoft Excel畸形列记录堆溢出漏洞（MS07-002）

Microsoft Excel是微软Office套件中的电子表格工具。 Excel在处理一些BIFF8记录类型的列字段中范围值的时候存在堆溢出漏洞，远程攻击者可能利用此漏洞远程控制用户机器。 攻击者可以创建带有无效的Column字段记录的Excel文件，则如果用户受骗打开了该文档的话就可能导致执行任意指令。 Microsoft Excel Viewer 2003 Microsoft Excel v.X for Mac Microsoft Excel 2004 for Mac Microsoft Excel 2003 Microsoft Excel 2002 Microsoft Excel...

Microsoft Excel PALETTE record buffer overflow

Added: 01/11/2007 CVE: CVE-2007-0031 BID: 21922 OSVDB: 31258 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...

Microsoft Excel PALETTE record buffer overflow

Added: 01/11/2007 CVE: CVE-2007-0031 BID: 21922 OSVDB: 31258 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...

Microsoft Excel PALETTE record buffer overflow

Added: 01/11/2007 CVE: CVE-2007-0031 BID: 21922 OSVDB: 31258 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...

Microsoft Excel PALETTE record buffer overflow

Added: 01/11/2007 CVE: CVE-2007-0031 BID: 21922 OSVDB: 31258 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...

Design/Logic Flaw

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory...

Heap overflow

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries...

CVE-2007-0031

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries...

CVE-2007-0031

CVE-2007-0031 affects Microsoft Excel: heap-based buffer overflow in BIFF8 PALETTE records can allow a user-assisted remote attacker to execute arbitrary code. Vulnerable products include Excel 2000 SP3, 2002 SP3, 2003 SP2, and Mac versions (2004 for Mac, v.X for Mac). The flaw is triggered by op...

CVE-2007-0031

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries...

CVE-2007-0030

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory...

[Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability

Microsoft Excel Long Palette Heap Overflow Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND Microsoft Excel is the spreadsheet application from the Microsoft Office System. More information is available at the...