Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability

2008-03-11T00:00:00
ID ZDI-08-008
Type zdi
Reporter Arnaud Dovi - ad@heapoverflow.com
Modified 2008-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.

The specific flaw exists within the parsing of malformed cell comments. When Excel encounters a malformed record, it attempts to rebuild the broken metadata. A flaw in this rebuilding process allows an attacker to specify critical data offsets, eventually leading to code execution under the logged-in user's credentials.
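For triage of suspect .XLS files, the sketch below walks a BIFF record stream and flags records whose length fields do not match the data actually present, including cell comment (NOTE) records whose author string overruns the record. It is an added example, not code from the advisory or from Microsoft, and it does not reproduce the flaw. It assumes the input is the raw Workbook stream, that NOTE records follow the BIFF8 layout noted in the comments, and that "malformed" means a bad length field; the function names and sample bytes are constructed for illustration.

```python
import struct

NOTE = 0x001C       # BIFF record id of a cell comment (NOTE)
NOTE_FIXED = 8      # assumed BIFF8 layout: row, col, flags, object id (2 bytes each)
MAX_RECORD = 8224   # largest payload a single BIFF8 record may declare

def record(rec_id, body):
    """Frame a payload as a BIFF record: 2-byte id, 2-byte length, payload."""
    return struct.pack("<HH", rec_id, len(body)) + body

def check_note(body):
    """Check that the author string's declared length fits inside the NOTE payload."""
    if len(body) < NOTE_FIXED + 3:
        return ["NOTE shorter than its fixed fields"]
    cch, str_flags = struct.unpack_from("<HB", body, NOTE_FIXED)
    width = 2 if str_flags & 0x01 else 1   # bit 0 set: 16-bit characters
    if NOTE_FIXED + 3 + cch * width > len(body):
        return ["author string length exceeds record"]
    return []

def check_biff_stream(data):
    """Walk the records and return (offset, record id, problem) findings."""
    findings, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 4:
            findings.append((pos, None, "truncated record header"))
            break
        rec_id, rec_len = struct.unpack_from("<HH", data, pos)
        if rec_len > MAX_RECORD:
            findings.append((pos, rec_id, "length exceeds BIFF8 maximum"))
        if rec_len > len(data) - pos - 4:
            findings.append((pos, rec_id, "length runs past end of stream"))
            break                          # cannot resynchronise after a bad length
        body = data[pos + 4 : pos + 4 + rec_len]
        if rec_id == NOTE:
            findings += [(pos, rec_id, p) for p in check_note(body)]
        pos += 4 + rec_len
    return findings

# Constructed sample stream: one well-formed NOTE, one NOTE whose author
# length field (0x4000) overstates the data present, and one cut-off record.
GOOD = struct.pack("<HHHHHB", 0, 0, 0, 1, 2, 0) + b"ab\x00"
BAD = struct.pack("<HHHHHB", 1, 0, 0, 2, 0x4000, 0) + b"ab\x00"
SAMPLE = record(NOTE, GOOD) + record(NOTE, BAD) + struct.pack("<HH", 0x00FD, 0x0100) + b"\x00\x00"

if __name__ == "__main__":
    for offset, rec_id, problem in check_biff_stream(SAMPLE):
        print(f"offset {offset}: {problem} (record id {rec_id})")
```

A finding from this check means the file's records are structurally inconsistent and the file should be handled as untrusted; it does not by itself indicate this specific vulnerability.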