
CERT-In Vulnerability Note CIVN-2010-61
Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability

Original Issue Date: March 10, 2010

Severity Rating: High

System Affected

  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office Excel 2007 Service Pack 1
  • Microsoft Office Excel 2007 Service Pack 2
  • Microsoft Office for Mac
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Microsoft Office Excel Viewer Service Pack 1 and Service Pack 2
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP 1
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP 2
  • Microsoft Office SharePoint Server 2007 Service Pack 1 and Service Pack 2 (32-bit editions)
  • Microsoft Office SharePoint Server 2007 Service Pack 1 and Service Pack 2 (64-bit editions)

Overview

A remote code execution vulnerability has been reported in the handling of MDXSET records by Microsoft Office Excel. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and take complete control of the affected system in the context of the logged-in user.

Description

A heap-based buffer overflow vulnerability exists in Microsoft Office Excel when it handles MDXSET records in Excel binary ('.xls') files. An attacker could exploit this vulnerability by creating a specially crafted '.xls' file containing a malformed MDXSET record and enticing a user to open it. Opening such a file could trigger the buffer overflow and allow a remote attacker to execute arbitrary code on the vulnerable system or cause the application to crash.
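As an added triage example (not part of the original note), the following walker parses a BIFF8 record stream of the kind found in an .xls Workbook stream, where each record is a 16-bit type, a 16-bit declared length and a payload, and reports records of the MDXSET type together with any record whose declared length runs past the end of the data, which is the shape of malformed record a defender would want to flag before a vulnerable parser sees it. The record type id 0x0887 is assumed here (confirm against the MS-XLS record enumeration), the sample streams are constructed, and a real .xls must first have its Workbook stream extracted from the OLE2 container.

```python
import struct
from dataclasses import dataclass
from typing import List

# Assumed BIFF8 record type id for MDXSET; verify against the MS-XLS record enumeration.
MDXSET_TYPE = 0x0887
BOF_TYPE, EOF_TYPE = 0x0809, 0x000A


@dataclass
class BiffRecord:
    offset: int         # byte offset of the 4-byte record header in the stream
    rtype: int          # record type id
    declared_len: int   # length field from the header
    data: bytes         # payload actually present in the stream
    truncated: bool     # declared_len exceeds the bytes remaining


def walk_biff_stream(stream: bytes) -> List[BiffRecord]:
    """Walk a BIFF8 record stream; stop at the first record whose header overruns the data."""
    records: List[BiffRecord] = []
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        payload = stream[pos + 4:pos + 4 + rlen]
        truncated = len(payload) < rlen  # a naive parser would read past the buffer here
        records.append(BiffRecord(pos, rtype, rlen, payload, truncated))
        if truncated:
            break
        pos += 4 + rlen
    return records


def find_suspect_records(stream: bytes, rtype: int = MDXSET_TYPE) -> List[BiffRecord]:
    """Return records of the given type plus any record with an inconsistent declared length."""
    return [r for r in walk_biff_stream(stream) if r.rtype == rtype or r.truncated]


def rec(rtype: int, data: bytes) -> bytes:
    """Build one well-formed record (used only to construct the samples below)."""
    return struct.pack("<HH", rtype, len(data)) + data


# Constructed sample: BOF, a 4-byte MDXSET record, EOF (internally consistent).
SAMPLE_OK = rec(BOF_TYPE, b"\x00" * 16) + rec(MDXSET_TYPE, b"\x01\x02\x03\x04") + rec(EOF_TYPE, b"")
# Constructed sample: MDXSET header declares 0x2000 bytes but only 4 follow.
SAMPLE_BAD = rec(BOF_TYPE, b"\x00" * 16) + struct.pack("<HH", MDXSET_TYPE, 0x2000) + b"\x01\x02\x03\x04"
```

Payloads longer than one record are carried in CONTINUE (0x003C) records in real files; this walker reports them as separate records rather than reassembling them.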

Workarounds

  • Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources.
  • Use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.
  • Configure normal users with least-privilege (non-administrative) accounts.
  • Do not open or save Excel files received from unknown or untrusted sources.

Solution

Apply the appropriate updates as described in Microsoft Security Bulletin MS10-017 and Microsoft Knowledge Base Article 935865.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx

References

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
http://support.microsoft.com/kb/935865

AusCERT
http://www.auscert.org.au/render.html?it=12500

X-Force-ISS
http://xforce.iss.net/xforce/xfdb/56466

SecurityFocus
http://www.securityfocus.com/bid/38552

F-Secure
http://www.f-secure.com/vulnerabilities/en/SA201006420

Secunia
http://secunia.com/advisories/38805

SecurityTracker
http://securitytracker.com/alerts/2010/Mar/1023698.html

CVE Name
CVE-2010-0261

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003