Microsoft Office Excel File Rebuilding Code Execution Vulnerability

ID ZDI-06-022
Type zdi
Reporter Arnaud Dovi 'class101'
Modified 2006-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.

The specific flaw exists within the rebuilding of malformed cell comments. When Excel encounters a malformed record, it attempts to rebuild the broken metadata. A flaw in this rebuilding process allows the attacker to specify critical data offsets, eventually leading to code execution with the credentials of the current user.