[Full-disclosure] TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow
- From: TELUS Security Labs - Vulnerability Research <noreply@xxxxxxxxx>
- Date: Tue, 9 Jun 2009 13:11:42 -0400 (EDT)
Microsoft Office Excel Malformed Records Stack Buffer Overflow
TSL ID : FSC20090609-01
Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01
1. Affected Software
Microsoft Office Excel 2000
Microsoft Office Excel 2002
Reference: http://office.microsoft.com/en-us/excel/default.aspx
2. Vulnerability Summary
A remotely exploitable vulnerability has been discovered in Microsoft Office
Excel products. Specifically, the vulnerability is due to a design error
encountered when parsing Excel files which contain malformed records. Remote
attackers can exploit this vulnerability by enticing target users to open a
malicious Excel file.
3. Vulnerability Analysis
A remote attacker can exploit the vulnerability by sending a malicious Excel
file to the target system and enticing the target user to open it. A successful
attempt results in the execution of arbitrary code with the security privileges
of the currently logged-in user. An unsuccessful attempt results in abnormal
termination of the Microsoft Office Excel application.
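As an added example (not part of the advisory or TELUS's own tooling), the following Python check walks a raw BIFF8 record stream, the record format Excel 2000/2002 store inside a .xls workbook's OLE2 container, and flags records whose declared length exceeds the format's cap or the bytes actually remaining. This is the bounds check a parser handling untrusted workbooks must make before copying record data; the sample streams are constructed, and a real file would first need its Workbook stream extracted from the compound document (for example with an OLE2 library), which is assumed here.

```python
import struct

# BIFF8 record header: 2-byte record type, then 2-byte data length (little-endian).
BIFF_HEADER = struct.Struct("<HH")
MAX_RECORD_DATA = 8224   # BIFF8 limit; longer payloads use CONTINUE records
BOF_RECORD = 0x0809
EOF_RECORD = 0x000A


def scan_biff_records(stream: bytes):
    """Walk a raw BIFF record stream and report malformed records.

    Returns (records, problems): records lists (offset, type, length) for every
    record parsed; problems lists findings as strings. Scanning stops at the
    first malformed record, since nothing after it can be trusted.
    """
    records, problems = [], []
    off = 0
    while off < len(stream):
        remaining = len(stream) - off
        if remaining < BIFF_HEADER.size:
            problems.append(f"truncated record header at offset {off}")
            break
        rtype, rlen = BIFF_HEADER.unpack_from(stream, off)
        # Check 1: declared length must respect the format's fixed cap.
        if rlen > MAX_RECORD_DATA:
            problems.append(f"record 0x{rtype:04X} at offset {off} declares "
                            f"length {rlen} > {MAX_RECORD_DATA}")
            break
        # Check 2: declared length must fit in the bytes that are really there.
        if BIFF_HEADER.size + rlen > remaining:
            problems.append(f"record 0x{rtype:04X} at offset {off} declares "
                            f"length {rlen} but only {remaining - BIFF_HEADER.size} "
                            f"bytes remain")
            break
        records.append((off, rtype, rlen))
        off += BIFF_HEADER.size + rlen
        if rtype == EOF_RECORD:
            break
    return records, problems


# Constructed sample streams (not real workbook data).
GOOD_STREAM = (BIFF_HEADER.pack(BOF_RECORD, 16) + bytes(16)
               + BIFF_HEADER.pack(EOF_RECORD, 0))
OVERSIZED_STREAM = BIFF_HEADER.pack(BOF_RECORD, 0xFFFF) + bytes(16)
OVERRUN_STREAM = BIFF_HEADER.pack(BOF_RECORD, 100) + bytes(16)

if __name__ == "__main__":
    for name, data in [("good", GOOD_STREAM), ("oversized", OVERSIZED_STREAM),
                       ("overrun", OVERRUN_STREAM)]:
        print(name, scan_biff_records(data))
```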
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
Microsoft Office Excel 2000
5. Workaround
Apply the vendor's patch, remove file associations to affected files, or block
Excel resources originating from untrusted networks.
6. Vendor Response
Microsoft has released a bulletin addressing this vulnerability.
Reference: http://www.microsoft.com/technet/security/bulletin/MS09-021.mspx
7. Disclosure Timeline
2008-12-23 Reported to vendor
2008-12-23 Initial vendor response
2009-06-09 Vendor disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: FSC20090609-01
Vendor: MS09-021
10. About TELUS Security Labs Vulnerability Research Service
The Vulnerability Research Service (VRS) gives an in-depth understanding of the
mechanisms and properties of software vulnerabilities. This service provides
lab-based analysis of vulnerabilities based on disassembly, protocol analysis,
and source-code analysis.
Our vulnerability data enables security product vendors to deliver product
updates without the need for additional research. This data also gives MSPs and
enterprise security teams the tools and knowledge to more effectively protect
their environments without time-consuming research.
http://telussecuritylabs.com/vulnerabilities