Thread-topic: Microsoft Excel Sheet Name Buffer Overflow Lets Remote Users Execute Arbitrary Code
ecurityTracker Alert ID: 1018321
SecurityTracker URL: http://securitytracker.com/id?1018321
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Jun 28 2007
Impact: Execution of arbitrary code via network, User access via
Exploit Included: Yes
Version(s): 2000, 2003
Description: A vulnerability was reported in Microsoft Excel. A remote
user can cause arbitrary code to be executed on the target user's
A remote user can create an Excel file with a specially crafted sheet
name that, when loaded by the target user, will trigger a buffer
overflow and execute arbitrary code on the target system. The code will
run with the privileges of the target user.
ZhenHan.Liu of Ph4nt0m Security Team discovered this vulnerability.
A demonstration exploit is available at:
The original advisory is available at:
Impact: A remote user can create a file that, when loaded by the target
user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/ (Links to External Site)
Cause: Boundary error
Underlying OS: Windows (Any)