|
|
|
|
| |
Credit:
The information has been provided by Damian Frizza .
The original article can be found at: http://www.coresecurity.com/content/CORE-2009-1103
|
| |
Vulnerable Systems:
* Microsoft Excel 2002 (Office XP SP3)
Immune Systems:
* Microsoft Office 2003
* Microsoft Office 2007
A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. The precise affected executable versions tested are:
* EXCEL.exe version 10.0.6501
* EXCEL.exe version 10.0.6854
* EXCEL.exe version 10.0.6856
The vulnerable version is Microsoft Office Excel XP SP3.
According to the MSDN documentation the DbOrParamQry record specifies a DbQuery or ParamQry record depending on the preceding record. The Record Query Parameters (ParamQry) offset DCh, contains information about ODBC parameterized queries. By modifying this record an exploitable condition can be triggered.
Patch Availability:
Microsoft has addressed this vulnerability by issuing an update located at:
http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
CVE Information:
CVE-2010-0264
Disclosure Timeline:
2009-11-04: Microsoft notified
2009-11-04: Microsoft acknowledges receipt of the report, and opens case 9564 to track this issue.
2010-03-09: The advisory CORE-2009-1103 is published.
|
|
|
|
|
