Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19763
HistoryJun 10, 2010 - 12:00 a.m.

Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249)

2010-06-1000:00:00
Root
www.seebug.org
10

0.958 High

EPSS

Percentile

99.3%

JSON

No description provided by source.


                                                "Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views, professional-looking
charts are easier to create and use." (microsoft.com)


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
affecting Microsoft Office Excel.

The vulnerability is caused by a buffer overflow error when processing
malformed ExternName (recType 0x23) records, which could be exploited by
attackers to execute arbitrary code by tricking a user into opening
a specially crafted Excel document.


III. AFFECTED PRODUCTS
---------------------------

Microsoft Office Excel 2002 Service Pack 3
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac


IV. Binary Analysis & Proof-of-concept
---------------------------------------

In-depth binary analysis of the vulnerability and a proof-of-concept
have been published by VUPEN through the VUPEN Binary Analysis & Exploits
portal :

http://www.vupen.com/exploits/


V. SOLUTION
----------------

Apply MS10-038 security update:
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx


VI. CREDIT
--------------

The vulnerability was discovered by Nicolas Joly of VUPEN Security

Related

checkpoint_advisories 2
securityvulns 3
cve 3
prion 3
nessus 2
openvas 2
checkpoint_advisories
checkpoint_advisories
Microsoft Excel External Name Record Memory Corruption (MS10-038; CVE-2010-1249)
2010-06-08 00:00:00
Microsoft Excel External Name Record Memory Corruption (MS10-038) - Ver2 (CVE-2010-1249)
2014-04-16 00:00:00
securityvulns
securityvulns
VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249)
2010-06-14 00:00:00
Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
2010-06-09 00:00:00
Microsoft Office multiple security vulnerabilities
2010-06-14 00:00:00
cve
cve
CVE-2010-1247
2010-06-08 20:30:00
CVE-2010-1249
2010-06-08 20:30:00
CVE-2010-0823
2010-06-08 20:30:00
prion
prion
Memory corruption
2010-06-08 20:30:00
Memory corruption
2010-06-08 20:30:00
Memory corruption
2010-06-08 20:30:00
nessus
nessus
MS10-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2027452) (Mac OS X)
2010-10-20 00:00:00
MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
2010-06-09 00:00:00
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00

0.958 High

EPSS

Percentile

99.3%

JSON
Related for SSV:19763
checkpoint_advisories2securityvulns3cve3prion3nessus2openvas2