OSVDB ID: 23899

Title: Microsoft Office Excel BIFF File Processing Malformed BOOLERR Record Arbitrary Code Execution

Info

Disclosure

Mar 14, 2006

Discovery

Jan 24, 2006

Dates

Exploit

Mar 13, 2006

Solution

Dec 27, 2006

Description

A local overflow exists in Excel. The product fails to verify the length of BOOLERR records in the BIFF file format resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbityrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Microsoft Corporation

Word

2000
2002
2003

Works

2000
2001
2002
2004
2003
2005
2006

Excel

2000
2002
2003
2004 for Mac
v. X for Mac

Outlook

2000
2003

PowerPoint

2002
2000
2003

Office

2003 SP1
2004 for Mac
2000 SP3
XP Multilingual User Interface Packs
2003 SP2
XP SP3
2000 Multilanguage Packs
v. X for Mac

Excel Viewer

2000
2002
2003

References

Credit

  • Arnaud Dovi aka 'class101' -   -


Direct URL: http://osvdb.org/23899