Microsoft Office Excel contains a flaw related to the parsing of DBQueryExt records in Excel spreadsheet files. The issue is triggered when the program fails to check when parsing certain structure fields, allowing a user-controlled pointer to be called. This may allow a context-dependent attacker to use a crafted Excel file to execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• CVE ID: 2010-1253 (see also: NVD)
• Microsoft Knowledge Base Article: 2027452 2028864 2028866 2078051 982133 982299 982308 982331 982333
• Secunia Advisory ID: 37500
• Related OSVDB ID: 65226 65227 65229 65230 65231 65232 65233 65234 65235 65236 65237 65238 65239
• News Article: http://blogs.technet.com/b/msrc/archive/2010/06/03/june-2010-security-bulletin-advance-notification.aspx
  http://news.cnet.com/8301-27080_3-20006781-245.html
• Mail List Post: http://seclists.org/bugtraq/2010/Jun/90
• Generic Exploit URL: http://www.coresecurity.com/content/microsoft-office-excel-dbqueryext-record-parsing-exploit-ms10-038-10-5
  http://www.saintcorporation.com/cgi-bin/exploit_info/excel_dbqueryext
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-10-103
• Microsoft Security Bulletin: MS10-038
• CERT: TA10-159B

• Anonymous - Zero Day Initiative (ZDI)