You are here

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

May 2, 2011 - 7:42am

Addthis

PROBLEM:

Microsoft Excel is prone to a remote code-execution vulnerability because the applications fail to sufficiently validate user-supplied input.

PLATFORM:

Microsoft Excel (2002-2010)

ABSTRACT:

Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

reference LINKS:

SecurityFocus
CVE-2011-0978

IMPACT ASSESSMENT:

High

Discussion:

Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input.
Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file.
Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Solution:

Currently we are not aware of any vendor-supplied patches.

Addthis