5175 : Microsoft Excel Hyperlinked Workbook Arbitrary Code Execution
Printer | http://osvdb.org/5175 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

5 months ago

Percent Complete

100%

Disclosure

Jun 19, 2002

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Excel contains a flaw that allows a hyperlink to execute code when referenced through a Drawing shape from one workbook to another containing the macrocode in autoexecute. This flaw exists because the application does not detect the presence of macros upon opening. This could allow a user to create a specially crafted workbook that would execute arbitrary code when a user opens it.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade Excel 2000 to version 9.0.6508 using the Excel 2000 Update: June 19, 2002 or higher, upgrade Word and Office using the Office XP Update: Service Pack 2, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Microsoft Corporation	Office	2000
		XP
	Word	2002
	Excel	2000
		2002

References

Bugtraq ID: 5064
Microsoft Security Bulletin: MS02-031
ISS X-Force ID: 9398
CVE ID: 2002-0617 (see also: NVD)
Security Tracker: 1004594
Keyword: aka "Hyperlinked Excel Workbook Macro Bypass."

Tools & Filters

Nessus	11336

Credit

Darryl Higa -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Office

Word

Excel

References

Tools & Filters

Credit

Blogs

Comments