Advisory Details

November 10th, 2009

Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability

ZDI-09-082
ZDI-CAN-567

CVE ID CVE-2009-3127
CVSS SCORE
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Office Excel
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 9244. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document.

The specific flaw exists when parsing a document containing a malformed PivotCache Stream. The application will utilize the iCache value of an SXVI record to seek into a list of objects. While setting an attribute of that particular object, the application will corrupt memory which can lead to code execution under the context of the currently logged in user.

ADDITIONAL DETAILS Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx
DISCLOSURE TIMELINE
  • 2009-08-20 - Vulnerability reported to vendor
  • 2009-11-10 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES