CVE-2010-0821

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2010-0821 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Nicolas Joly.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-104/

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2010-0821

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Open XML File Format Converter for Mac 0
* Microsoft Office 2008 for Mac 0
* Microsoft Office 2004 for Mac 0
* Microsoft Excel 2002 SP3
* Avaya Messaging Application Server
* Avaya Meeting Exchange

User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of SXVIEW records in an Excel spreadsheet. Due to the lack of checking when parsing structure items for the record it is possible to write arbitrary data to a user controlled address. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.

CVE-2010-0821

Disclosure Timeline:
2009-07-14 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus