Credit:
The information has been provided by Sean Larsson and Joshua Drake.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805
Vulnerable Systems:
* Excel 2000 SP3 (Excel.exe version 9.0.0.8974)
* Excel 2002/XP SP3 (Excel.exe version 10.0.6850.0)
* Excel 2003 SP3 (Excel.exe version 11.0.8237.0)
* Excel 2007 SP1 (Excel.exe version 12.0.6331.5000)
The vulnerability occurs when parsing a Shared String Table (SST) record inside an Excel binary (.xls) file. This record holds the table of strings used by the document's cells. One of the fields in the record is a 32-bit integer giving the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained in the table. The size of that array is computed from the string count without checking for overflow, so a sufficiently large count wraps the 32-bit size calculation and produces an undersized heap allocation. When the parser then fills the array with one pointer per string from the file, it writes past the end of the allocation, causing a heap-based buffer overflow.
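The following C program is an added illustration written for this page; it is not code from iDefense, Microsoft or Excel. It models the size calculation described above on a constructed SST record body: the unchecked form wraps modulo 2^32 exactly as a 32-bit `count * sizeof(pointer)` would, while the checked form rejects the same count. Assumptions: the affected builds are 32-bit (pointer width 4), the table size was computed as cstUnique times the pointer width in 32-bit arithmetic, and the record body is treated as a single contiguous buffer (real SST records may spill into CONTINUE records, which the bound check here does not model). Field offsets follow the published BIFF8 SST layout (cstTotal then cstUnique, both 32-bit little-endian). The example goes slightly beyond the advisory by also bounding the count against the bytes actually present in the record.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Start of a BIFF8 SST record body (record type 0x00FC): cstTotal and
 * cstUnique, both 32-bit little-endian, followed by the string entries. */
#define SST_CST_TOTAL_OFS  0u
#define SST_CST_UNIQUE_OFS 4u
#define SST_HDR_LEN        8u

/* Pointer width of the 32-bit Excel builds listed above. Assumption: the
 * affected code multiplied cstUnique by this width in 32-bit arithmetic. */
#define PTR32 4u

/* Smallest possible string entry: 2-byte cch plus 1-byte option flags. */
#define MIN_STRING_LEN 3u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Read the two counts from an SST record body.
 * Returns 0 on success, -1 if the body is too short to hold them. */
int sst_parse_counts(const uint8_t *body, size_t len,
                     uint32_t *cst_total, uint32_t *cst_unique)
{
    if (len < SST_HDR_LEN)
        return -1;
    *cst_total  = rd_le32(body + SST_CST_TOTAL_OFS);
    *cst_unique = rd_le32(body + SST_CST_UNIQUE_OFS);
    return 0;
}

/* Unchecked computation modelling the flaw: the product is reduced modulo
 * 2^32, so a large cstUnique yields a tiny allocation that is then filled
 * with cstUnique pointers, overrunning the heap chunk. */
uint32_t sst_table_bytes_unchecked(uint32_t cst_unique)
{
    return cst_unique * PTR32;
}

/* Hardened form. Returns 0 (reject) if the pointer table cannot be
 * represented in 32 bits, or if more strings are claimed than could fit
 * in the bytes that follow the counts; otherwise the table size in bytes. */
uint32_t sst_table_bytes_checked(uint32_t cst_unique, uint32_t body_len)
{
    if (body_len < SST_HDR_LEN)
        return 0;
    if (cst_unique > UINT32_MAX / PTR32)
        return 0;                              /* multiplication would wrap */
    if (cst_unique > (body_len - SST_HDR_LEN) / MIN_STRING_LEN)
        return 0;                              /* more strings than bytes */
    return cst_unique * PTR32;
}

int main(void)
{
    /* Constructed SST body (not from any real sample): cstTotal = 1,
     * cstUnique = 0x40000001, then one minimal string "A". */
    const uint8_t body[] = {
        0x01, 0x00, 0x00, 0x00,   /* cstTotal  = 1 */
        0x01, 0x00, 0x00, 0x40,   /* cstUnique = 0x40000001 */
        0x01, 0x00, 0x00, 0x41    /* cch = 1, flags = 0, 'A' */
    };
    uint32_t total, unique;

    if (sst_parse_counts(body, sizeof body, &total, &unique) != 0)
        return 1;
    printf("cstTotal=%" PRIu32 " cstUnique=0x%08" PRIx32 "\n", total, unique);
    printf("unchecked allocation: %" PRIu32 " bytes\n",
           sst_table_bytes_unchecked(unique));
    printf("checked allocation:   %" PRIu32 " bytes (0 = rejected)\n",
           sst_table_bytes_checked(unique, (uint32_t)sizeof body));
    return 0;
}
```

With the constructed count 0x40000001, the unchecked product is 0x100000004, which truncates to a 4-byte allocation while the parser still expects to store over a billion pointers into it; the checked version rejects the record before any allocation happens.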
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user opening the file. To exploit this vulnerability, an attacker needs to convince a user to open a malicious file. This is typically accomplished by emailing a user the file, or embedding it inside of a web page.
Patch Availability:
To prevent exploitation of this issue without applying the patch, Microsoft recommends using the MOICE tool (Microsoft Office Isolated Conversion Environment) and/or disabling support for the legacy binary file formats. More information about these workarounds can be found in the security bulletin.
Microsoft has released a patch which addresses this issue. For more information, consult their advisory at the following URL:
http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx
CVE Information:
CVE-2009-0561
Disclosure Timeline:
02/19/2009 - Initial Contact
02/19/2009 - PoC Sent
02/19/2009 - PoC requested
02/19/2009 - Vendor Status Update
04/22/2009 - Vendor set tentative disclosure date of 06/09/2009
05/22/2009 - Status update received
06/09/2009 - Coordinated public disclosure