Microsoft Office Excel RTD Topic String Buffer Overflow

Added: 10/20/2010
CVE: CVE-2010-1246
BID: 40524
OSVDB: 65238

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

Microsoft Office Excel 2002 is vulnerable to a buffer overflow when parsing Real Time Data (RTD) Future Record Types (FRT) records (record type 0x813) with a malformed Topic string (rgchTopic) in an Excel file.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-038.

References

http://secunia.com/advisories/37500/

Limitations

Exploit works on Microsoft Excel 2002 SP3 and requires the user to open the exploit file in Excel.

It may take some time to establish the shell session as the exploit needs to search the shellcode in memory.

Platforms

Windows

Back to exploit index