what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

TPTI-08-03.txt

TPTI-08-03.txt
Posted Mar 13, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed tag a heap allocation can be adversely controlled. When user supplied data is copied to a heap buffer the resulting data results in a arbitrary memory overwrite. If successfully exploited this could lead to system compromise under the credentials of the currently logged in user.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0116
SHA-256 | 2e0149de414dbd19418b0e2dd79c34f7052ed8d9bb1e9580fe845be55d9a65b2

TPTI-08-03.txt

Change Mirror Download
TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-08-03
March 11, 2008

-- CVE ID:
CVE-2008-0116

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Office Excel 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6000.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Office Excel. Exploitation
requires that the attacker coerce the target into opening a malicious
.XLS file.

The specific flaw exists within the parsing of the BIFF file format used
by Microsoft Excel. During the processing of a malformed tag a heap
allocation can be adversely controlled. When user supplied data is
copied to a heap buffer the resulting data results in a arbitrary memory
overwrite. If successfully exploited this could lead to system
compromise under the credentials of the currently logged in user.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:

http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

-- Disclosure Timeline:
2007-10-17 - Vulnerability reported to vendor
2008-03-11 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Cody Pierce, TippingPoint DVLabs
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close