(0day) Microsoft Office Excel Office Art Object Parsing Remote Code Execution VulnerabilityZDI-11-041: February 7th, 2011
TippingPoint™ IPS Customer ProtectionTippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 11046. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the way the application parses an Office Art record within a Microsoft Excel Document. Specifically, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. When receiving a window message, the application will proceed to navigate this linked list. This will access a method from the malformed object which can lead to code execution under the context of the application.
Vendor ResponseMicrosoft states:
Patched April 12, 2011
2010-06-30 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory
CreditThis vulnerability was discovered by: