Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19384
HistoryMar 12, 2008 - 12:00 a.m.

TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability

2008-03-1200:00:00
vulners.com
14
JSON

TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-08-03
March 11, 2008

– CVE ID:
CVE-2008-0116

– Affected Vendors:
Microsoft

– Affected Products:
Microsoft Office Excel 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000

– TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6000.
For further product information on the TippingPoint IPS, visit:

 http://www.tippingpoint.com

– Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Office Excel. Exploitation
requires that the attacker coerce the target into opening a malicious
.XLS file.

The specific flaw exists within the parsing of the BIFF file format used
by Microsoft Excel. During the processing of a malformed tag a heap
allocation can be adversely controlled. When user supplied data is
copied to a heap buffer the resulting data results in a arbitrary memory
overwrite. If successfully exploited this could lead to system
compromise under the credentials of the currently logged in user.

– Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:

http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

– Disclosure Timeline:
2007-10-17 - Vulnerability reported to vendor
2008-03-11 - Coordinated public release of advisory

– Credit:
This vulnerability was discovered by:
* Cody Pierce, TippingPoint DVLabs

Related

seebug 1
cve 1
prion 1
checkpoint_advisories 2
nessus 2
securityvulns 2
seebug
seebug
Microsoft Excel富文本值堆溢出漏洞(MS08-014)
2008-03-14 00:00:00
cve
cve
CVE-2008-0116
2008-03-11 23:44:00
prion
prion
Design/Logic Flaw
2008-03-11 23:44:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Rich Text Handling Code Execution (MS08-014; CVE-2008-0116; CVE-2009-0238)
2008-03-13 00:00:00
Microsoft Excel Rich Text Handling Code Execution (MS08-014; CVE-2008-0116; CVE-2009-0238)
2008-03-13 00:00:00
nessus
nessus
MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
2008-03-11 00:00:00
MS08-014 / MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949029 / 949030) (Mac OS X)
2010-10-20 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-014 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
2008-03-12 00:00:00
Microsoft Office / Excel / Outlook / Web Components multiple security vulnerabilities
2008-03-22 00:00:00
JSON
Related for SECURITYVULNS:DOC:19384
seebug1cve1prion1checkpoint_advisories2nessus2securityvulns2