Microsoft Excel Drawing Exception Handling vulnerability

Added: 12/01/2010
CVE: CVE-2010-3335
BID: 44659
OSVDB: 69087

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A use-after-free vulnerability during exception handling in Microsoft Office allows command execution when a user opens an Excel spreadsheet containing a specially crafted Office Art record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-087.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-246/

Limitations

Exploit works on Microsoft Excel 2003 SP2 and 2007 SP2 and requires a user to open the exploit file in Microsoft Excel.

Execution of the exploit requires the Compress-Zlib PERL module.

Platforms

Windows

Back to exploit index