Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460, http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461
Vulnerable Systems:
* Microsoft Excel 2003
Microsoft Excel Long Palette Heap Overflow Vulnerability
The vulnerability specifically exists in the handling of the PALETTE record in BIFF8 format spreadsheet files. By supplying a record with too many entries, an exploitable buffer overflow condition can occur.
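A defender can screen for this malformation before a file reaches Excel. The sketch below is an added example, not code from iDefense or Microsoft: it walks the BIFF record stream and flags PALETTE records whose declared entry count exceeds the palette size or disagrees with the record length. It assumes the Workbook stream has already been extracted from the OLE container; the record id 0x0092 and the 56-colour limit come from the public BIFF8 documentation, not from the advisory, and the function names and sample streams are constructed for illustration.

```python
import struct

PALETTE_ID = 0x0092      # BIFF8 PALETTE record type (from public BIFF8 docs)
PALETTE_COLORS = 56      # colours a BIFF8 palette holds (from public BIFF8 docs)

def iter_records(stream):
    """Yield (offset, record_id, body) for each BIFF record in the stream."""
    pos = 0
    while pos + 4 <= len(stream):
        # Every BIFF record starts with a 2-byte id and a 2-byte body length.
        rec_id, length = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4 : pos + 4 + length]
        if len(body) < length:
            raise ValueError(f"record at {pos:#x} runs past end of stream")
        yield pos, rec_id, body
        pos += 4 + length

def check_palettes(stream):
    """Return (offset, reason) for every PALETTE record that fails validation."""
    findings = []
    for offset, rec_id, body in iter_records(stream):
        if rec_id != PALETTE_ID:
            continue
        if len(body) < 2:
            findings.append((offset, "too short for the entry-count field"))
            continue
        (count,) = struct.unpack_from("<H", body, 0)
        if count > PALETTE_COLORS:
            findings.append((offset, f"declares {count} entries, limit is {PALETTE_COLORS}"))
        # Each entry is 4 bytes, following the 2-byte count.
        if 2 + 4 * count != len(body):
            findings.append((offset, f"count {count} does not match body length {len(body)}"))
    return findings

def _record(rec_id, body):
    return struct.pack("<HH", rec_id, len(body)) + body

# Constructed sample streams (zero-filled, not taken from any real file).
BOF = _record(0x0809, bytes(16))   # beginning-of-file record, 16-byte body
GOOD = BOF + _record(PALETTE_ID, struct.pack("<H", 56) + bytes(56 * 4))
BAD = BOF + _record(PALETTE_ID, struct.pack("<H", 300) + bytes(300 * 4))

if __name__ == "__main__":
    for name, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_palettes(data))
```
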
Analysis:
Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code in the context of the user who opened the document. In order to exploit this vulnerability, an attacker would need to convince the target to open an Excel spreadsheet file. Likely attack vectors include sending the file as an attachment in an email or linking to the file on a website.
Systems with a default install of Office 2000 will open Office documents, including Excel spreadsheet files, from websites without prompting the user. This allows an attacker to exploit this vulnerability without user interaction beyond visiting a website. Later versions of Office will not open these documents automatically unless the user has chosen this behavior.
Vendor response:
Microsoft has addressed this vulnerability with Microsoft Security Bulletin MS07-002. A link to this bulletin can be found below.
http://www.microsoft.com/technet/security/bulletin/ms07-002.mspx
CVE Information:
CVE-2007-0031
Disclosure Timeline:
09/22/2006 - Initial vendor notification
09/22/2006 - Initial vendor response
01/09/2007 - Coordinated public disclosure
Microsoft Excel Invalid Column Heap Corruption Vulnerability
The vulnerability specifically exists in the handling of out of range values in the column field in several BIFF8 record types. By supplying an invalid Column field to one of these records, it is possible to cause the system to reference arbitrary memory. This can be exploited to gain control of the application.
Analysis:
Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code in the context of the user who opened the document. In order to exploit this vulnerability, an attacker would need to convince the target to open an Excel spreadsheet file. As memory offsets and other values differ slightly between versions, the attacker would need to know the version of Excel the targeted user had installed.
Vendor response:
Microsoft has addressed this vulnerability with Microsoft Security Bulletin MS07-002. A link to this bulletin can be found below.
http://www.microsoft.com/technet/security/bulletin/ms07-002.mspx
CVE Information:
CVE-2007-0030
Disclosure timeline:
09/14/2006 - Initial vendor notification
09/15/2006 - Initial vendor response
01/09/2007 - Coordinated public disclosure