A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when parsing SXVIEW records, resulting in memory corruption. With a specially crafted Excel spreadsheet file, a context-dependent attacker can execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• CVE ID: 2010-0821 (see also: NVD)
• Microsoft Knowledge Base Article: 2027452 2028864 2028866 2078051 982133 982299 982308 982331 982333
• Secunia Advisory ID: 37500
• Related OSVDB ID: 65226 65228 65229 65230 65231 65232 65233 65234 65235 65236 65237 65238 65239
• News Article: http://blogs.technet.com/b/msrc/archive/2010/06/03/june-2010-security-bulletin-advance-notification.aspx
  http://news.cnet.com/8301-27080_3-20006781-245.html
• Mail List Post: http://seclists.org/bugtraq/2010/Jun/91
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-10-104
• Microsoft Security Bulletin: MS10-038
• CERT: TA10-159B

• Anonymous - Zero Day Initiative (ZDI)