Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability

ID ZDI-11-281
Type zdi
Reporter Omair
Modified 2011-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the implementation of a record inside a Microsoft Office Excel or PowerPoint document. When parsing a signed field from this structure, the application will use the field to seek into an array of objects. Due to this unbounded index, an attacker can cause an element outside the array to be treated as a different type. This type of corruption can lead to code execution under the context of the application.