|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 589 CVE : CVE-2006-0031 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : No Credit : XFOCUS Security Team Published : 16.03.2006
Advisory Text : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Relase Date: 2006-03-15 CVE: CVE-2006-0031 Affected Products: ================== Microsoft Office Excel 2000 Microsoft Office Excel XP Microsoft Office Excel 2003 Impact: ======= Microsoft Excel is a popular spreadsheet program of Microsoft Office product. Eyas of XFOCUS Security Team discovered a buffer overflow vulnerability when Excel processes a malicous ".xls" file, which might cause Excel to crash or even execute arbitrary code. Description: ============ Excel will initialize a stack buffer with 0x0e0e0e0e when it open a ".xls" file, but Excel uses a user-supplied length which will cause a stack buffer overflow. The following code is from excel v9.0.0.8924 >> >> .text:3003FE0C movzx eax, word ptr [ebx] >> .text:3003FE0F xor ecx, ecx >> .text:3003FE11 cmp eax, 0Eh >> .text:3003FE14 mov [ebp+var_8], ecx >> .text:3003FE17 jg loc_301C01B5 >> >> .text:301C01B5 mov byte ptr [ebp+ecx+var_138], cl >> .text:301C01BC inc ecx >> .text:301C01BD cmp ecx, 0Eh >> .text:301C01C0 jle short loc_301C01B5 >> .text:301C01C2 cmp ecx, eax >> .text:301C01C4 mov [ebp-8], ecx >> .text:301C01C7 jg loc_3003FFC9 >> .text:301C01CD sub eax, ecx >> .text:301C01CF lea edi, [ebp+ecx+var_138] >> .text:301C01D6 inc eax >> .text:301C01D7 mov edx, eax >> .text:301C01D9 mov eax, 0E0E0E0Eh >> .text:301C01DE mov ecx, edx >> .text:301C01E0 mov esi, ecx >> .text:301C01E2 shr ecx, 2 >> .text:301C01E5 rep stosd <== buffer overflow Vendor Status: ============== 2005.12.27 Informed the vendor. 2006.01.03 The vendor confirmed the vulnerability. 2006.03.14 The vendor releases a new version to fix the vulnerability. The vendor has released patch to fix this vulnerability, which is available for download at: http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx - -- Kind Regards, - --- XFOCUS Security Team http://www.xfocus.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEF5nIwhDwaF6cSWIRApKUAJ4/uJTH3wMPN2CtiePk59xqB9kJIwCePBoa 5DmfZj+YZc1IqX/EKsvyqBA= =EAQ7 -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |