iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXSET record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
77193ef3d20874264fedaa93e9df41c77a445408a2adbf53e0f52c7a05ed79daSecunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
32b95a29a08e0891177ba0136d57828e7a5d6a9b2dd0bac45e2be92621c51a35Secunia Security Advisory - A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
ec8ea83f351f9a6743742ca88cfbd15c3b4dd95ba72b57d9f017ef5460bc420bThis Metasploit module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ (recType 0x5D) record an attacker can get the control of the execution flow. This results arbitrary code execution under the context of the user.
acb25995e86f5b15f194ac0612879eb48ebd91be3aa622b8ed431f01c711cbddThis Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.
405750635f1d715a040aac5de170b3b1b4dc8f91ecb9723c46a8fa8a207f6fa9Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a use-after-free vulnerability. Proof of concept included.
de3b7829c10d4b0bb9337bbec900ab6dba8975b738f7268a64884cb5d48ea585Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a memory corruption vulnerability. Proof of concept included.
7bc888fe4dd23f5c472f81da4b3f94f9ff21c5f791f277ebde1ec6021951f893A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.
9a5d1f96fbe02680c7966f213409b939e32dceb7cdd048b0e6ab2e26c9aed2cfVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a heap corruption error when processing malformed Formula records within an Excel document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted XLS document.
fea05647dde36d6873e65a4a370929a4399740a72e46e76f9aa3a5901033bd1fiDefense Security Advisory 09.13.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a certain specially crafted record in an Excel file. A specific value in the record can trigger a memory corruption vulnerability and may allow arbitrary code execution.
53724cb5cc8727f4c7f8eba8148efebb5736319a5c8c2d06831b11effdc1d854iDefense Security Advisory 09.13.11 - Remote exploitation of an integer signedness vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability is an integer signedness issue that leads to an invalid array indexing vulnerability. It is triggered by a certain record with a negative 'iax' field.
97bc0394f99e9d978267b86461be984afd78303388de888ffd6878ef285734b5iDefense Security Advisory 09.13.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a certain specially crafted record in an Excel file. An invalid value of the length field in the record header can trigger an error condition and result in using memory content which has already been freed and may allow arbitrary code execution.
e09343c3f7890e4c5bf50eec1fb9f834e5524c580f5c602204351b7dc18d009cSecunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
a5fdab08cebfdf85bbeb6c3430cb3fb959b02807e6f43cb2a9414834c97aa5c2This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
6497ed9245fd883ef37cc984504ec91b1b780335510e1b353bedc9a0d6466a63Excel SLYK format parsing buffer overrun proof of concept denial of service exploit.
c515ec3b3b89acbd7783600d443052f2af54c8a1f404a889d035b223d4e2871fApple Security Advisory 2011-07-20-2 - An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Microsoft Word documents. Opening a maliciously crafted Microsoft Word document in Pages may lead to an unexpected application termination or arbitrary code execution.
a73deccbc64afb80a87bd72b01aefd8124e910e61fa03497792581196667db65Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
d303888c3870a4ed762f156f2b94d8520140a8d5e69bac9eb3440e13dbd930c8Secunia Security Advisory - A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
36db7d3cce47d9aa6c2fc3ba470da61a350abf6a4dd12f39ce79e5dc2259b1f7This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
e5a1c821dd8dc33a94c445290956d52e03b3c450f9cd448b96d92317fd4cce42Microsoft Office Excel Axis properties record parsing buffer overflow proof of concept exploit that leverages the issue discussed in MS11-021.
e2b8a20317fcb2c65a108738183b164cb42f48896b69cc8d703724161298a74aThe VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a stack overwrite error when parsing the RTD RealTimeData record (0813h), which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted Excel document.
eb83b04f992840bb6eff2e981e45c08f92921571c592f54407896f0ebe817d1cSecunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
cc33916bbd27bd5f91d21918a9bee7122889cb6af557992afb078291bd81f9e1iDefense Security Advisory 04.12.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a specially crafted Excel file. Specific values within this file can trigger a memory corruption vulnerability and may allow arbitrary code execution. The following Microsoft products are vulnerable: Excel 2002 SP3, Excel 2002 SP3, Excel 2003 SP3, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac.
230c8ce9bbb3feb7d012305ab9e3d158088e64a47a65651244ca80553d4b4f3fZero Day Initiative Advisory 11-121 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's parsing of a particular record within a Microsoft Excel Compound Document. When specifying a particular value, the application will fail to initialize a variable that is used as the length of a memcpy operation. Due to the usage of the uninitialized value, with proper control of the program flow an attacker can force a length of their own choosing for the memcpy operation. This will cause a buffer overflow and can lead to code execution under the context of the application.
e7075028f6c8b34e4ab3e2973d2245738f8bb01d12782f2a48bff9b853eb4bdaZero Day Initiative Advisory 11-120 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the methods used for RealTimeData Record Parsing. When handling a stTopic field has a bit set specifying double byte characters in the following field the value of a global pointer is improperly calculated. This pointer is later used in a memcpy operation whose source is user supplied data. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
4e82fe1a7e573ec69aca8fb081d13147eb8a999bd96c9fc626b5431ce16dae9eThis Metasploit module exploits a vulnerability in AVM2 action script virtual machine used in Adobe Flash Player versions 9.0 through 10. The AVM fails to properly verify bytecode streams prior to executing it. This can cause uninitialized memory to be executed. Utilizing heap spraying techniques to control the uninitialized memory region it is possible to execute arbitrary code. Typically Flash Player is not used as a standalone application. Often, SWF files are embedded in other file formats or specifically loaded via a web browser. Malcode was discovered in the wild which embedded a malformed SWF file within an Excel spreadsheet. This exploit is based off the byte stream found within that malcode sample.
42f45f3260ab9c5b8cc16ebc8f87909c47dfc836d8362769726a745db24e2709
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed