Microsoft Office Excel RTD Heap Corruption Vulnerability

Summary

A critical vulnerability was discovered affecting Microsoft Office Excel.

Credit:

The information has been provided by Nicolas Joly f.
The original article can be found at: http://seclists.org/bugtraq/2010/Jun/101


Details

Vulnerable Systems:
 * Microsoft Office Excel 2002 Service Pack 3

The vulnerability is caused by a heap corruption error when processing malformed RTD (recType 0x813) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
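
For triage of suspect workbooks, the sketch below walks the records of a BIFF8 Workbook stream and reports every RTD record (recType 0x813) with its offset and declared length. It is an added example, not code from the advisory or from Microsoft. It assumes the Workbook stream has already been extracted from the OLE container. The advisory does not describe the malformation itself, so the code only locates RTD records and flags generic structural problems; the function names and sample bytes are constructed for illustration.

```python
import struct

RTD_RECTYPE = 0x0813      # recType named in the advisory
BIFF8_MAX_DATA = 8224     # largest data size a single BIFF8 record may declare

def walk_biff(stream):
    """Yield (offset, rectype, declared_len, available_len) for each record."""
    pos = 0
    while pos + 4 <= len(stream):
        # Every BIFF record starts with a little-endian 2-byte type and 2-byte size.
        rectype, length = struct.unpack_from("<HH", stream, pos)
        available = min(length, len(stream) - pos - 4)
        yield pos, rectype, length, available
        if available < length:   # record runs past the end of the stream: stop
            return
        pos += 4 + length

def triage_rtd(stream):
    """Return one finding per RTD record: offset, declared length, flags."""
    findings = []
    for off, rectype, length, available in walk_biff(stream):
        if rectype != RTD_RECTYPE:
            continue
        flags = []
        if length > BIFF8_MAX_DATA:
            flags.append("oversized")
        if available < length:
            flags.append("truncated")
        findings.append({"offset": off, "length": length, "flags": flags})
    return findings

def rec(rectype, data):
    """Build one record (helper used only for the constructed samples)."""
    return struct.pack("<HH", rectype, len(data)) + data

# Constructed sample stream, not from a real workbook: BOF, one RTD record, EOF.
# The record bodies are zero-filled placeholders.
SAMPLE = rec(0x0809, b"\x00" * 16) + rec(RTD_RECTYPE, b"\x00" * 12) + rec(0x000A, b"")
# The same stream cut off five bytes into the RTD record body.
SAMPLE_TRUNCATED = SAMPLE[:29]

if __name__ == "__main__":
    for name, s in (("sample", SAMPLE), ("truncated", SAMPLE_TRUNCATED)):
        print(name, triage_rtd(s))
```

An RTD record is legitimate in workbooks that use real-time data functions, so a hit is a reason to prioritise the file for inspection on unpatched Excel 2002 hosts, not a verdict.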

Patch Availability:
Apply MS10-038 security update:
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx

CVE Information:
CVE-2010-1247

Disclosure Timeline:
2009-12-03 – Vendor notified
2009-12-03 – Vendor response
2010-06-08 – Coordinated public disclosure
