Microsoft Office Excel File Rebuilding Code Execution Vulnerability

2006-07-11T00:00:00
ID: ZDI-06-022
Type: zdi
Reporter: Arnaud Dovi 'class101' (http://heapoverflow.com)
Modified: 2006-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.

The specific flaw exists within the rebuilding of malformed cell comments. When Excel encounters a malformed record, it attempts to rebuild the broken metadata. A flaw in this rebuilding process allows the malicious file to specify critical data offsets, eventually leading to code execution with the credentials of the current user.