Microsoft Excel PALETTE record buffer overflow

Added: 01/11/2007
CVE: CVE-2007-0031
BID: 21922
OSVDB: 31258

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a specially crafted BIFF8 spreadsheet with a long PALETTE record.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-002.

References

http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461

Limitations

Exploit works on Microsoft Excel 2000 9.0.3821 SR-1.

Exploit requires a user to download the exploit file and open it in Microsoft Excel.

Platforms

Windows

Back to exploit index