SRC-2016-0044 : Microsoft Office Excel MakeAbsoluteSD pDacl Out-Of-Bounds Write Remote Code Execution Vulnerability

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within processing of binary Excel files (.xlsb). By providing a malformed file, an attacker can cause an out-of-bounds write condition in the MakeAbsoluteSD() function by setting the pDacl source buffer to contain a controlled size value. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.

Affected Vendors:

Microsoft

Affected Products:

Office Excel

• Microsoft Excel 2007 Service Pack 3
• Microsoft Excel 2010 Service Pack 2 (32-bit editions)
• Microsoft Excel 2010 Service Pack 2 (64-bit editions)
• Microsoft Excel 2013 Service Pack 1 (32-bit editions)
• Microsoft Excel 2013 Service Pack 1 (64-bit editions)
• Microsoft Excel 2013 RT Service Pack 1
• Microsoft Excel 2016 (32-bit edition)
• Microsoft Excel 2016 (64-bit edition)
• Microsoft Office Compatibility Pack Service Pack 3
• Microsoft Excel Viewer
  Vendor Response:

Microsoft has issued an update to correct this vulnerability. More details can be found at: <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7265&gt;