what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

iDEFENSE Security Advisory 2010-03-09.3
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXSET record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0261
MD5 | fcd3d4df59f6a8656e954ecae6950e45
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Skylight Cyber Bypasses Cylance AI
Posted Jul 18, 2019

tags | headline, hacker, flaw
No, You Don't Need A Burner Phone At A Hacking Conference
Posted Jul 18, 2019

tags | headline, hacker, privacy, phone, conference
US Senator Asks FBI To Investigate FaceApp
Posted Jul 18, 2019

tags | headline, government, privacy, usa, russia, cyberwar
Microsoft Warns 10,000 Customers They're Targeted By Nation States
Posted Jul 18, 2019

tags | headline, hacker, government, microsoft, cyberwar
Slack Resets Passwords For 1% Of Its Users Because Of 2015 Hack
Posted Jul 18, 2019

tags | headline, hacker, data loss, password
Unofficial Telegram App Secretly Loads Malicious Sites
Posted Jul 17, 2019

tags | headline, malware, phone
Bluetooth Exploit Can Track And Identify Mobile Device Users
Posted Jul 17, 2019

tags | headline, privacy, wireless, spyware
Elon Musk Reveals Brain Hacking Plans
Posted Jul 17, 2019

tags | headline, hacker, science
JetBlue Bomb Scare Set Off With Apple AirDrop
Posted Jul 17, 2019

tags | headline, apple, terror
MyDashWallet Compromised For Two Months, Wallet Keys Taken
Posted Jul 16, 2019

tags | headline, cybercrime, data loss, fraud, cryptography
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close