Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Fortinet Security Advisory: FSA-2006-08

From: Fortinet Research <vulnmoniter () fortinet com>
Date: Tue, 14 Mar 2006 13:13:02 -0800
Fortinet Security Advisory: FSA-2006-08

Microsoft Excel Column Index Improper Memory Access

Advisory Date      : March 14, 2006                     
Reported Date      : January 24, 2006
Vendor             : Microsoft                  
Affected Products  : Microsoft Excel 2003 Chinese Version
                     Windows XP Home Edition Chinese Version and 
                     possible all versions of Microsoft Excel.
Severity           : High
Reference          : http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
                     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0029
                     http://www.securityfocus.com/bid/15780
                   
Description        : Fortinet Security Research Team (FSRT) has discovered a Improper Memory Access Vulnerability in 
the Microsoft Excel software. This vulnerability is due to Microsoft Excel's manipulation of opcode 0x001D, when 
provided with a random Column Index, it will cause a Improper Memory Access. An remote attacker could construct a .xls 
file and put it on controlled web site. When the user opens the .xls file with Microsoft Internet Explorer, the browser 
will call Microsoft Excel to open the .xls file automatically, and this will cause Microsoft Excel to crash. If excel 
file is specially crafted, it may allow attackers to execute arbitrary code on the affected system.

Impact             : Execution of arbitrary code leading to system compromise.

Solution           : Microsoft has released a update for this vulnerability, which is available for downloading from 
Microsoft web site, see reference. 

Fortinet Protection: FortiGate series of security systems have been updated to detect exploits targeting this 
vulnerability.

Acknowledgment     : Dejun Meng of Fortinet Security Research team found this vulnerability. 

Disclaimer         : Although Fortinet has attempted to provide accurate information in these materials, Fortinet 
assumes no legal responsibility for the accuracy or completeness of the information. More specific information is 
available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any 
guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: