Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011
CVE: CVE-2011-0105
BID: 47256
OSVDB: 71765

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory MS11-021 contain an improper initialization bug of a value that is used to allocate memory. If an attacker can get a target to open a specially formatted Excel document, they may be able to exploit this bug to execute arbitrary code on the target's system.

Resolution

Apply the patch outlined in Microsoft Security Advisory MS11-021.

References

http://www.microsoft.com/technet/security/Bulletin/MS11-021.mspx
http://secunia.com/advisories/39122

Limitations

This exploit has been tested against Microsoft Excel 2002 SP3 with KB2345017 running on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn), where the version of excel.exe was 10.0.6866.

Platforms

Windows

Back to exploit index