Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability

ID ZDI-08-008
Type zdi
Reporter Arnaud Dovi
Modified 2008-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.

The specific flaw exists within the parsing of malformed cell comments. When Excel encounters a malformed record, it attempts to rebuild the broken metadata. A flaw in this rebuilding process allows the user to specify critical data offsets, eventually leading to code execution under the logged-in user's credentials.