OSVDB ID: 23899

Title: Microsoft Office Excel BIFF File Processing Malformed BOOLERR Record Arbitrary Code Execution

Info

Disclosure

Mar 14, 2006

Discovery

Jan 24, 2006

Dates

Exploit

Mar 13, 2006

Solution

Dec 27, 2006

Description

A local overflow exists in Excel. The product fails to verify the length of BOOLERR records in the BIFF file format resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbityrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Microsoft Corporation	Word	2000
		2002
		2003
	Works Suite	2000
		2001
		2002
		2004
		2003
		2005
		2006
	Excel	2000
		2002
		2003
		2004 for Mac
		v. X for Mac
	Outlook	2000
	Outlook	2003
	PowerPoint	2002
		2000
		2003
	Office	2003 SP1
		2004 for Mac
		2000 SP3
		XP Multilingual User Interface Packs
		2003 SP2
		XP SP3
		2000 Multilanguage Packs
		v. X for Mac
	Excel Viewer	2000
		2002
		2003

References

Security Tracker: 1015766
Secunia Advisory ID: 19138
CVE ID: 2006-0028 (see also: NVD)
Related OSVDB ID: 23898 23900 23901 23902 23903
ISS X-Force ID: 25225
Microsoft Knowledge Base Article: 905413
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0812.html
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-06-004.html
Microsoft Security Bulletin: MS06-012
Keyword: ZDI-06-004

Credit

Arnaud Dovi aka 'class101' - -

Direct URL: http://osvdb.org/23899

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Word

Works Suite

Excel

Outlook

PowerPoint

Office

Excel Viewer

References

Credit