Microsoft Excel Data Validation Record Parsing Overflow
Added: 06/15/2011CVE: CVE-2011-0105
BID: 47256
OSVDB: 71765
Background
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.Problem
Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory MS11-021 contain an improper initialization bug of a value that is used to allocate memory. If an attacker can get a target to open a specially formatted Excel document, they may be able to exploit this bug to execute arbitrary code on the target's system.Resolution
Apply the patch outlined in Microsoft Security Advisory MS11-021.References
http://www.microsoft.com/technet/security/Bulletin/MS11-021.mspxhttp://secunia.com/advisories/39122
Limitations
This exploit has been tested against Microsoft Excel 2002 SP3 with KB2345017 running on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn), where the version of excel.exe was 10.0.6866.Platforms
WindowsBack to exploit index