Microsoft Excel Drawing Exception Handling vulnerability
Added: 12/01/2010CVE: CVE-2010-3335
BID: 44659
OSVDB: 69087
Background
Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.Problem
A use-after-free vulnerability during exception handling in Microsoft Office allows command execution when a user opens an Excel spreadsheet containing a specially crafted Office Art record.Resolution
Apply the patch referenced in Microsoft Security Bulletin 10-087.References
http://www.zerodayinitiative.com/advisories/ZDI-10-246/Limitations
Exploit works on Microsoft Excel 2003 SP2 and 2007 SP2 and requires a user to open the exploit file in Microsoft Excel.Execution of the exploit requires the Compress-Zlib PERL module.
Platforms
WindowsBack to exploit index