Microsoft Excel File Format Parsing Vulnerability
ZDI-06-004 Microsoft Excel File Format Parsing Vulnerability
March 14, 2006

CVE ID: CVE-2006-0028

Affected Vendor: Microsoft

Affected Products:
Office 2000
Office XP
Office 2003

Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.

The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of malformed BOOLERR records, user-supplied data may be insecurely referenced thereby leading to the eventual execution of arbitrary code.

Vendor Response:
Microsoft has addressed this issue in Microsoft security bulletin MS06-012 titled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution":
http://www.microsoft.com/technet/securi ... 6-012.mspx

Disclosure Timeline:
2006.01.24 – Vulnerability reported to vendor
2006.02.21 – Digital Vaccine released to TippingPoint customers
2006.03.13 – Vulnerability information provided to ZDI security partners
2006.03.14 – Coordinated public release of advisory

Credit:
This vulnerability was discovered by class101, http://heapoverflow.com. :wink:
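An added example, not part of the original post or of the ZDI advisory: a defensive pre-parse check that walks a raw BIFF record stream and flags BOOLERR records that deviate from the documented BIFF3-BIFF8 layout. It assumes the workbook stream has already been extracted from the .XLS container; the advisory does not say which field was malformed, so these are generic conformance checks, and the names `check_boolerr` and `scan_biff` are hypothetical.

```python
import struct

BOOLERR = 0x0205       # BIFF3-BIFF8 record type for a boolean/error cell
BOOLERR_LEN = 8        # rw(2) col(2) ixfe(2) bBoolErr(1) fError(1)
ERROR_CODES = {0x00, 0x07, 0x0F, 0x17, 0x1D, 0x24, 0x2A}  # #NULL! through #N/A

def check_boolerr(body):
    """Return the problems found in one BOOLERR body (empty list = conforming)."""
    if len(body) != BOOLERR_LEN:
        return [f"body is {len(body)} bytes, expected {BOOLERR_LEN}"]
    _row, col, _ixfe, value, is_error = struct.unpack("<HHHBB", body)
    problems = []
    if col > 0xFF:
        problems.append(f"column {col} is outside a 256-column BIFF8 sheet")
    if is_error not in (0, 1):
        problems.append(f"fError is {is_error}, expected 0 or 1")
    elif is_error == 1 and value not in ERROR_CODES:
        problems.append(f"unknown error code 0x{value:02X}")
    elif is_error == 0 and value not in (0, 1):
        problems.append(f"boolean value is {value}, expected 0 or 1")
    return problems

def scan_biff(stream):
    """Walk a raw BIFF record stream; return (offset, problem) findings."""
    findings, pos = [], 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            return findings + [(pos, "truncated record header")]
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4 : pos + 4 + rlen]
        if len(body) < rlen:  # framing can no longer be trusted, so stop here
            return findings + [(pos, f"record 0x{rtype:04X} declares {rlen} bytes, {len(body)} present")]
        if rtype == BOOLERR:
            findings.extend((pos, p) for p in check_boolerr(body))
        pos += 4 + rlen
    return findings

def _rec(rtype, body):  # frames a body as a record; only builds the sample
    return struct.pack("<HH", rtype, len(body)) + body

# Constructed sample stream, not taken from a real file or from the advisory.
SAMPLE = b"".join([
    _rec(0x0809, bytes(16)),                                  # BOF, skipped
    _rec(BOOLERR, struct.pack("<HHHBB", 0, 0, 15, 1, 0)),     # TRUE, conforming
    _rec(BOOLERR, struct.pack("<HHHBB", 1, 0, 15, 0x07, 1)),  # #DIV/0!, conforming
    _rec(BOOLERR, struct.pack("<HHHBB", 2, 0, 15, 0x99, 1)),  # unknown error code
    _rec(BOOLERR, bytes(5)),                                  # body too short
])
```

Calling `scan_biff(SAMPLE)` reports the last two records by byte offset; a mail or file gateway could quarantine any workbook whose stream yields findings before it reaches a parser.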
Looks like Excel is on fire, more holes than in a cheese, and if you had paid attention to my mailing list, I had warned about multiple Excel threats since a long time ago.