iDefense Security Advisory 05.14.09 - Remote exploitation of an integer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attacker to execute arbitrary code. This vulnerability exists when handling specific records within a specially crafted Microsoft Excel spreadsheet file. Within the vulnerable function, an integer value is read from the file. This value is later used in an arithmetic integer calculation. Since no validation is performed, an integer overflow can occur. This results in the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition.
e7d3ca952a5b943eaf5807594202a97d1c4f5d9826e4cdcd0d1270d22526cdf2