Microsoft Excel Named Graph record buffer overflow

Added: 05/24/2007
CVE: CVE-2007-0215
BID: 23760
OSVDB: 34393

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted spreadsheet with a long Named Graph record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-023.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-026.html

Limitations

Exploit works on Microsoft Excel 2000 SP3 and 2002 SP3 and requires a user to open the exploit file.

Platforms

Windows 2000
Windows XP

Back to exploit index