SRC-2016-0036 : Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of binary Excel files (.xlsb). By providing a malformed file, an attacker can cause a pointer to be re-used after it has been freed. An attacker could leverage this to execute arbitrary code under the context of the current user.

Affected Vendors:

Microsoft

Affected Products:

Office Excel

• Microsoft Excel 2010 Service Pack 2 (32-bit editions)
• Microsoft Excel 2010 Service Pack 2 (64-bit editions)
  Vendor Response:

Microsoft has issued an update to correct this vulnerability. More details can be found at: <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3361&gt;
Proof of Concept:
<https://github.com/sourceincite/poc/blob/master/SRC-2016-0036.xlsb&gt;