34395 : Microsoft Excel Filter Record Handling Remote Code Execution
Printer | http://osvdb.org/34395 | Email This | Edit Vulnerability

Views This Week

Views All Time

140

Info

Last Modified

7 months ago

Percent Complete

100%

Disclosure

May 08, 2007

Discovery

Feb 08, 2007

Dates

Exploit

Unknown

Solution

Unknown

Description

A context-dependent memory corruption flaw exists in Excel. It fails to validate filter records resulting in memory corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Office	2004 for Mac
	Excel	2000
		2002
		2003
	Excel Viewer	2003

References

Security Tracker: 1018012
CVE ID: 2007-1214 (see also: NVD)
Bugtraq ID: 23780
Secunia Advisory ID: 25150
Related OSVDB ID: 34393 34394
Microsoft Knowledge Base Article: 934233
FrSIRT Advisory: ADV-2007-1708
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0132.html
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=527
News Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216
Microsoft Security Bulletin: MS07-023

Tools & Filters

Nessus	25162 25173

Credit

Greg MacManus - iDEFENSE Labs

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Office

Excel

Excel Viewer

References

Tools & Filters

Credit

Blogs

Comments