Info

Disclosure

Jan 15, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

An unspecified memory corruption flaw exists in Excel. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Commercial
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation	Excel	2003 Viewer
		2002
		2000
		2003 SP2
		2004 for Mac

References

Security Tracker: 1019200
CVE ID: 2008-0081 (see also: NVD)
Bugtraq ID: 27305
Secunia Advisory ID: 28506
SCIP VulDB ID: 3552
ISS X-Force ID: 39699
VUPEN Advisory: ADV-2008-0146
Vendor Specific News/Changelog Entry: http://blogs.technet.com/msrc/archive/2008/01/15/msrc-blog-security-advisory-947563.aspx
News Article: http://isc.sans.org/diary.html?storyid=3854
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9057439
Vendor URL: http://www.microsoft.com
Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/advisory/947563.mspx
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/excel_rtafdesc

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/40344

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Excel

References

Credit