|
|
|
|
| |
Credit:
The information has been provided by Sean Larsson.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/
|
| |
Vulnerable Systems:
* Microsoft Office XP Service Pack 3
* Microsoft Office 2000 Web Components SP3
* Microsoft Office XP Web Components SP3
* Microsoft BizTalk Server 2002
* Visual Studio .NET 2003 Service Pack 1
When instantiating a Spreadsheet object, it is possible to pass the object a parameter that refers to an Excel file that will be retrieved and then loaded. By using a long string for the parameter, it is possible to case a stack based buffer overflow.
Exploitation results in the execution of arbitrary code with the privileges of the logged-on user. Exploitation would require that an attacker hosts a maliciously crafted page on a Web site and entice users to visit the site. No further action is needed other than following a link to a malicious Web page.
Workaround
Setting the kill bit for the following CLSIDs will mitigate the threat from web based attacks conducted through Internet Explorer. The CLSID for the vulnerable control is:
0002E512-0000-0000-C000-000000000046
Patch Availability:
Microsoft has released a patch which addresses this issue. For more information, consult their advisory at the following URL:
http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx
CVE Information:
CVE-2009-1534
Disclosure Timeline:
03/17/2008 Initial vendor notification
06/26/2009 Bulletin release scheduled for July
07/09/2009 Status update received, bulletin delayed
08/11/2009 Public disclosure by Microsoft
-------------------------------------------------------------------------------------------------------------------------------
Insider's report: What is behind malware growth and how this knowledge will help you avoid it.
+
|
|
|
|
|
