Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability

ID ZDI-11-121
Type zdi
Reporter Aniway (Aniway.Anyway AT gmail DOT com)
Modified 2011-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the application's parsing of a particular record within a Microsoft Excel Compound Document. When a particular value is specified, the application fails to initialize a variable that is used as the length of a memcpy operation. Because the value is uninitialized, an attacker with proper control of the program flow can force a length of their own choosing for the memcpy operation. This will cause a buffer overflow and can lead to code execution under the context of the application.
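The bug class described above, shown as an added example that is not Microsoft's code or the actual Excel record format: a parser whose length variable is set only for some record kinds, next to a hardened form. The record layout, the kind values and the function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_MAX 64

/* Hypothetical record layout (constructed, not the Excel format):
   byte 0 = kind, byte 1 = length field, bytes 2.. = payload. */

/* Flawed pattern: 'len' is assigned only for kinds 1 and 2, so any other
   kind reaches memcpy with whatever value happens to be in that slot. */
int parse_record_flawed(const uint8_t *rec, size_t rec_len, uint8_t *dst)
{
    size_t len;                        /* never initialized */
    if (rec_len < 2) return -1;
    switch (rec[0]) {
    case 1: len = rec[1]; break;
    case 2: len = (size_t)rec[1] * 2; break;
    /* no default: unknown kinds leave len unset */
    }
    memcpy(dst, rec + 2, len);         /* length is indeterminate here */
    return (int)len;
}

/* Hardened form: reject unknown kinds, then bound the length by both the
   destination size and the bytes actually present in the record. */
int parse_record_checked(const uint8_t *rec, size_t rec_len,
                         uint8_t *dst, size_t dst_size)
{
    size_t len = 0;
    if (rec == NULL || dst == NULL || rec_len < 2) return -1;
    switch (rec[0]) {
    case 1: len = rec[1]; break;
    case 2: len = (size_t)rec[1] * 2; break;
    default: return -1;                /* unknown kind: no copy at all */
    }
    if (len > dst_size || len > rec_len - 2) return -1;
    memcpy(dst, rec + 2, len);
    return (int)len;
}

int main(void)
{
    uint8_t dst[DST_MAX];
    const uint8_t unknown[] = {9, 3, 'a', 'b', 'c'};   /* constructed sample */
    printf("unknown kind -> %d\n",
           parse_record_checked(unknown, sizeof unknown, dst, sizeof dst));
    return 0;
}
```

Compiler warnings such as `-Wmaybe-uninitialized` and runtime tools such as MemorySanitizer are designed to flag the flawed function's read of `len`.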