Thread-topic: [SA20748] Microsoft Office Long Link Buffer Overflow Vulnerability
> ----------------------------------------------------------------------
>
> TITLE:
> Microsoft Office Long Link Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA20748
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Office 2000
>
> Microsoft Excel Viewer 2003
>
> Microsoft Excel 2003
>
> Microsoft Excel 2002
>
> Microsoft Excel 2000
>
> Microsoft Office 2003 Professional Edition
>
> Microsoft Office 2003 Small Business Edition
>
> Microsoft Office 2003 Standard Edition
>
> Microsoft Office 2003 Student and Teacher Edition
>
> Microsoft Office XP
>
>
> DESCRIPTION:
> kcope has discovered a vulnerability in Microsoft Excel, which can be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to a boundary error in hlink.dll
> within the handling of Hyperlinks in e.g. Excel documents. This can
> be exploited to cause a stack-based buffer overflow by tricking a
> user into clicking a specially crafted Hyperlink in a malicious Excel
> document.
>
> Successful exploitation allows execution of arbitrary code.
>
> The vulnerability has been confirmed in Microsoft Excel 2003 SP2
> (fully updated). Other versions and Office products may also be
> affected.
>
> NOTE: Secunia is currently not aware of this vulnerability being
> actively exploited and working exploit code is not currently publicly
> available. However, the vulnerability is quite simple to exploit and
> it is therefore likely that exploit code is published soon.
>
> SOLUTION:
> Do not open untrusted Microsoft Office documents.
>
> Do not follow links in Microsoft Office documents.
>
> PROVIDED AND/OR DISCOVERED BY:
> kcope
>
