SRC-2016-0044 : Microsoft Office Excel MakeAbsoluteSD pDacl Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE ID:
CVSS Score:
6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Vendors:
Microsoft
Affected Products:
Office Excel
- Microsoft Excel 2007 Service Pack 3
- Microsoft Excel 2010 Service Pack 2 (32-bit editions)
- Microsoft Excel 2010 Service Pack 2 (64-bit editions)
- Microsoft Excel 2013 Service Pack 1 (32-bit editions)
- Microsoft Excel 2013 Service Pack 1 (64-bit editions)
- Microsoft Excel 2013 RT Service Pack 1
- Microsoft Excel 2016 (32-bit edition)
- Microsoft Excel 2016 (64-bit edition)
- Microsoft Office Compatibility Pack Service Pack 3
- Microsoft Excel Viewer
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within processing of binary Excel files (.xlsb). By providing a malformed file, an attacker can cause an out-of-bounds write condition in the MakeAbsoluteSD() function by setting the pDacl source buffer to contain a controlled size value. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7265
Disclosure Timeline:
- 2016-09-21 – Vulnerability reported to vendor
- 2016-12-13 – Coordinated public release of advisory
Credit:
This vulnerability was discovered by Steven Seeley of Source Incite