HOME > VULNERABILITY NOTES


   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2010-59
Microsoft Office Excel Record parsing arbitrary code execution Vulnerability

Original Issue Date: March 10, 2010

Severity Rating: High

System Affected

  • Microsoft Office Excel 2003 SP 3
  • Microsoft Office Excel 2007 SP 1& SP 2
  • Microsoft Office 2004 & 2008 for Mac
  • Open XML File Format Converter for Mac
  • Microsoft Office Excel Viewer SP 1 & SP 2
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint SP 1 & SP 2

Overview

A buffer overflow vulnerability has been reported in Microsoft Office Excel which allows a remote attacker to execute arbitrary code on the victim system.

Description

This memory corruption vulnerability occurs when parsing a .XLS file with malformed DbOrParamQry record. This record specifies either a DBQuery or ParmQry and the latter's offset DCh contains information about ODBC parameterized queries.

By modifying this record, an attacker can exploit this vulnerability by enticing a user to open a specially crafted .XLS file.

Successful exploitation of could allow remote attacker to execute arbitrary code on affected systems with the privileges of currently logged-in users.

Workarounds

  • Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources
  • Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.
  • Configure less privilege account for normal users
  • Do not open or save Excel files received from unknown and untrusted sources

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS10-017

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS10-017.mspx

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS10-017.mspx http://msdn.microsoft.com/en-us/library/dd953289.aspx

CORE SCURITY
http://www.coresecurity.com/content/CORE-2009-1103

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=20041

SecurityFocus
http://www.securityfocus.com/bid/38555

CVE Name
CVE-2010-0264

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003