Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of binary Excel files (.xlsb). By providing a malformed file, an attacker can cause a pointer to be reused after it has been freed (a use-after-free). An attacker could leverage this to execute arbitrary code in the context of the current user.
Affected Vendors:
Microsoft
Affected Products:
Office Excel
Microsoft has issued an update to correct this vulnerability. More details can be found at: <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3362>
Proof of Concept:
<https://github.com/sourceincite/poc/blob/master/SRC-2016-0037.xlsb>