Microsoft Excel TXO and OBJ record parsing memory corruption

Added: 12/18/2008
CVE: CVE-2008-4265
BID: 32618
OSVDB: 50556

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms.

Problem

A memory corruption vulnerability allows command execution when a user opens an Excel spreadsheet containing specially crafted TXO and OBJ records.

Resolution

Apply the update referenced in Microsoft Security Bulletin 08-074.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763

Limitations

Exploit works on Microsoft Excel 2000 SP3 and requires a user to open the exploit file.

After opening the exploit file, there may be a delay before the connection is established.

Platforms

Windows 2000
Windows XP

Back to exploit index