65238 : Microsoft Office Excel Malformed RTD Handling Memory Corruption
Printer | http://osvdb.org/65238 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
10	1051	almost 3 years ago	about 2 years ago	20 times	100%

Timeline

Disclosure Date
2010-06-08

Time to Patch
187 days

Description

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when parsing malformed RTD (0x813) records, resulting in memory corruption. With a specially crafted Excel file, a context-dependent attacker can execute arbitrary code.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Excel

2002 SP3

References

Exploit Database: 14966
CVE ID: 2010-1246 (see also: NVD)
Microsoft Knowledge Base Article: 2027452 2028864 2028866 2078051 982133 982299 982308 982331 982333
Secunia Advisory ID: 37500
Related OSVDB ID: 65226 65227 65228 65229 65230 65231 65232 65233 65234 65235 65236 65237 65239
News Article: http://blogs.technet.com/b/msrc/archive/2010/06/03/june-2010-security-bulletin-advance-notification.aspx
http://news.cnet.com/8301-27080_3-20006781-245.html
Mail List Post: http://seclists.org/bugtraq/2010/Jun/104
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/excel_rtd_frt_rgchtopic
Other Advisory URL: http://www.vupen.com/english/advisories/2010/1395
Microsoft Security Bulletin: MS10-038
CERT: TA10-159B

Tools & Filters

	46845

Credit

Nicolas Joly - VUPEN Security

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2010-06-09 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.