Related information

Microsoft Excel multiple security vulnerabilities

iDefense Security Advisory 06.11.09: Microsoft Excel SST Record Integer Overflow Vulnerability

ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability

Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability

Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability

From:	noreply_(at)_telus.com <noreply_(at)_telus.com>
Date:	10.06.2009
Subject:	TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow

Microsoft Office Excel Malformed Records Stack Buffer Overflow

TSL ID   : FSC20090609-01
Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01

1. Affected Software

 Microsoft Office Excel 2000
 Microsoft Office Excel 2002

Reference: http://office.microsoft.com/en-us/excel/default.aspx

2. Vulnerability Summary

A remotely exploitable vulnerability has been discovered in Microsoft Office Excel products. Specifically, the
vulnerability is due to a design error encountered when parsing Excel files which contain malformed records. Remote
attackers can exploit this vulnerability by enticing target users to open a malicious Excel file.

3. Vulnerability Analysis

A remote attacker can exploit the vulnerability by sending a malicious Excel file to the target system and enticing the
target user to open it. A successful code execution attempt will result in the execution of arbitrary code within the
security privileges of the currently logged in user. An unsuccessful attack attempt will result in abnormal termination of
the Microsoft Office Excel application.

4. Vulnerability Detection

TELUS Security Labs has confirmed the vulnerability in:

 Microsoft Office Excel 2000

5. Workaround

Apply the vendor's patch, remove file associations to affected files, or block Excel resources originating from untrusted
networks.

6. Vendor Response

Microsoft has released a bulletin addressing this vulnerability.

Reference: http://www.microsoft.com/technet/security/bulletin/MS09-021.mspx

7. Disclosure Timeline

 2008-12-23 Reported to vendor
 2008-12-23 Initial vendor response
 2009-06-09 Vendor disclosure

8. Credits

Vulnerability Research Team, TELUS Security Labs

9. References

 CVE: FSC20090609-01
 Vendor: MS09-021

10. About TELUS Security Labs Vulnerability Research Service

The Vulnerability Research Service (VRS) gives an in-depth understanding of the mechanisms and properties of software
vulnerabilities. This service provides lab-based analysis of vulnerabilities based on disassembly, protocol analysis, and
source-code analysis.

Our vulnerability data enables security product vendors to deliver product updates without the need for additional
research. This data also gives MSPs and enterprise security teams the tools and knowledge to more effectively protect their
environments without time-consuming research.

http://telussecuritylabs.com/vulnerabilities