SecurityTracker: Microsoft Excel Unspecified Stack Overflow May Let Remote Users Cause Arbitrary Code to Be Executed

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Microsoft Excel

Vendors: Microsoft

Microsoft Excel Unspecified Stack Overflow May Let Remote Users Cause Arbitrary Code to Be Executed

SecurityTracker Alert ID: 1015333

SecurityTracker URL: http://securitytracker.com/id/1015333

CVE Reference: CVE-2005-4131 (Links to External Site)

Updated: Mar 14 2006

Original Entry Date: Dec 8 2005

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2000, 2002, 2003; Excel X for Mac; Excel 2004 for Mac

Description: A vulnerability was reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted Excel document that, when loaded by the target user, will trigger a stack overflow and potentially execute arbitrary code. The code will run with the privileges of the target user. No further details were provided.

fearwall reported this vulnerability in an eBay offering (eBay Item number: 7203336538).

Impact: A remote user can create a file that, when loaded by the target user, will cause arbitrary code to be executed on the target user's system.

Solution: The vendor has issued a fix for the Excel vulnerability was part of the following MS06-012 fixes. [Editor's note: Though this particular vulnerability only affects Excel, the MS06-012 release includes fixes for other vulnerabilities and so they are listed below.]

Microsoft Word 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4

Microsoft Excel 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C9433440-31EF-4C18-A0C7-B595EA23F6FC

Microsoft Outlook 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2B231231-AC83-4688-9C8D-DCDCB544FB3C

Microsoft PowerPoint 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F24D4BD0-4771-4688-B52A-02D4EABB1574

Microsoft Office 2000 MultiLanguage Packs:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0AAA1700-766F-4979-B51F-AAA0A24EF2E8

Microsoft Word 2002:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Excel 2002:

http://www.microsoft.com/downloads/details.aspx?FamilyId=643337C7-8A47-4FA3-AB58-7A916B33607D&displaylang=en

Microsoft Outlook 2002:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0D4441-4F88-4B59-A4F3-6FB558EF8135

Microsoft PowerPoint 2002:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C74CB45B-CF92-4EFC-8DBE-DBF4BDEBE215

Microsoft Office XP Multilingual User Interface Packs:

http://www.microsoft.com/downloads/details.aspx?FamilyId=589D9ABB-6308-4208-881C-CE58D6972E1F&displaylang=en

Microsoft Excel 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=AC22F83A-B409-4469-984E-6C19D8F5FE41&displaylang=en

Microsoft Excel 2003 Viewer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7DBADBD1-0542-475B-91B5-90DD2AF2C0FC&displaylang=en

Microsoft Works Suite 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en

Microsoft Works Suite 2001:

http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en

Microsoft Works Suite 2002:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2004:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2005:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2006:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Office X for Mac:

http://www.microsoft.com/mac/

Microsoft Office 2004 for Mac:

http://www.microsoft.com/mac/

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx

Vendor URL: www.microsoft.com/technet/security/Bulletin/MS06-012.mspx (Links to External Site)

Cause: Boundary error

Underlying OS: UNIX (OS X), Windows (2000), Windows (2003), Windows (XP)

Message History: None.

Source Message Contents

Date: Thu, 8 Dec 2005 16:18:47 -0500
Subject: Microsoft Excel vulnerability


eBay Item number: 7203336538

> Microsoft Excel does not perform sufficient data validation when parsing document 
> files. As a result, it is possible to pass a large counter value to msvcrt.memmove() 
> function which causes critical memory regions to be overwritten, including the stack 
> space. The vulnerability can be exploited to compromise a user's PC. It is feasible 
> to manipulate the data in the document file to get a code of attacker's choice 
> executed when malicious file is opened by MS Excel.

fearwall reported this vulnerability.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC