‘Microsoft Office Excel RTD Heap Corruption Vulnerability’


A critical vulnerability was discovered affecting Microsoft Office Excel.’


‘The information has been provided by Nicolas Joly f.
The original article can be found at: http://seclists.org/bugtraq/2010/Jun/101


Vulnerable Systems:
 * Microsoft Office Excel 2002 Service Pack 3

The vulnerability is caused by a heap corruption error when processing malformed RTD (recType 0x813) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.

Patch Availability:
Apply MS10-038 security update:

CVE Information:

Disclosure Timeline:
2009-12-03 – Vendor notified
2009-12-03 – Vendor response
2010-06-08 – Coordinated public Disclosure’

Categories: Windows