[security-alerts] Microsoft Excel Sheet Name Buffer Overflow Lets Remote Users Execute Arbitrary Code

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

http://securitytracker.com/alerts/2007/Jun/1018321.html

ecurityTracker Alert ID:  1018321
SecurityTracker URL:  http://securitytracker.com/id?1018321
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 28 2007
Impact:  Execution of arbitrary code via network, User access via
network
Exploit Included:  Yes  
Version(s): 2000, 2003
Description:  A vulnerability was reported in Microsoft Excel. A remote
user can cause arbitrary code to be executed on the target user's
system.

A remote user can create an Excel file with a specially crafted sheet
name that, when loaded by the target user, will trigger a buffer
overflow and execute arbitrary code on the target system. The code will
run with the privileges of the target user.

ZhenHan.Liu of Ph4nt0m Security Team discovered this vulnerability.

A demonstration exploit is available at:

http://www.milw0rm.com/sploits/06272007-2670.zip

The original advisory is available at:

http://pstgroup.blogspot.com/2007/06/exploitmicrosoft-excel-20002003-she
et.html
Impact:  A remote user can create a file that, when loaded by the target
user, will execute arbitrary code on the target user's system.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  Windows (Any)