Microsoft Office Excel Out-of-Bounds Read Remote Code Execution

2016.04.15
Credit: COSIG
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

####################################################################################### # Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution # Application: Microsoft Office Excel # Affected Products: Microsoft Office Excel 2007,2010,2013,2016 # Software Link: https://products.office.com/en-ca/excel # Date: April 12, 2016 # CVE: CVE-2016-0122 (MS16-042) # Author: Sébastien Morin from COSIG # Contact: https://twitter.com/COSIG_ (@COSIG_) # Personal contact: https://smsecurity.net/; https://twitter.com/SebMorin1 (@SebMorin1) ####################################################################################### =================== Introduction: =================== Microsoft Excel is a spreadsheet developed by Microsoft for Windows, Mac OS X, and iOS. It features calculation, graphing tools, pivot tables, and a macro programming language called Visual Basic for Applications. It has been a very widely applied spreadsheet for these platforms, especially since version 5 in 1993, and it has replaced Lotus 1-2-3 as the industry standard for spreadsheets. Excel forms part of Microsoft Office. (https://en.wikipedia.org/wiki/Microsoft_Excel) ####################################################################################### =================== Report Timeline: =================== 2016-02-06: Sébastien Morin from COSIG report the vulnerability to MSRC. 2016-02-16: MSRC confirm the vulnerability. 2016-04-12: Microsoft fixed the issue (MS16-042). 2016-04-13: Advisory released. ####################################################################################### =================== Technical details: =================== This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file (.xlsm). An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. ####################################################################################### ========== POC: ========== https://smsecurity.net/wp-content/uploads/2016/04/Microsoft_Office_Excel_Out-of-Bounds_Read_RCE.xlsm #######################################################################################

References:

https://smsecurity.net/wp-content/uploads/2016/04/Microsoft_Office_Excel_Out-of-Bounds_Read_RCE.xlsm


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top