J-A
15-03-06, 02:41
ZDI-06-004
Microsoft Excel File Format Parsing Vulnerability
March 14, 2006
CVE ID:
CVE-2006-0028
Affected Vendor:
Microsoft
Affected Products:
Office 2000
Office XP
Office 2003
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.
The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of malformed BOOLERR records, user-supplied data may be insecurely referenced thereby leading to the eventual execution of arbitrary code.
Vendor Response:
Microsoft has addressed this issue in Microsoft security bulletin MS06-012 titled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution":
http://www.microsoft.com/technet/securi ... 6-012.mspx (http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx)
Disclosure Timeline:
2006.01.24 – Vulnerability reported to vendor
2006.02.21 – Digital Vaccine released to TippingPoint customers
2006.03.13 – Vulnerability information provided to ZDI security partners
2006.03.14 – Coordinated public release of advisory
Credit:
This vulnerability was discovered by class101, http://heapoverflow.com.
:wink:
Microsoft Excel File Format Parsing Vulnerability
March 14, 2006
CVE ID:
CVE-2006-0028
Affected Vendor:
Microsoft
Affected Products:
Office 2000
Office XP
Office 2003
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.
The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of malformed BOOLERR records, user-supplied data may be insecurely referenced thereby leading to the eventual execution of arbitrary code.
Vendor Response:
Microsoft has addressed this issue in Microsoft security bulletin MS06-012 titled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution":
http://www.microsoft.com/technet/securi ... 6-012.mspx (http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx)
Disclosure Timeline:
2006.01.24 – Vulnerability reported to vendor
2006.02.21 – Digital Vaccine released to TippingPoint customers
2006.03.13 – Vulnerability information provided to ZDI security partners
2006.03.14 – Coordinated public release of advisory
Credit:
This vulnerability was discovered by class101, http://heapoverflow.com.
:wink: