SRC-2016-0036 : Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability



CVSS Score:

9.3, (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Vendors:


Affected Products:

Office Excel

  • Microsoft Excel 2010 Service Pack 2 (32-bit editions)
  • Microsoft Excel 2010 Service Pack 2 (64-bit editions)

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of binary Excel files (.xlsb). By providing a malformed file, an attacker can cause a pointer to be re-used after it has been freed. An attacker could leverage this to execute arbitrary code under the context of the current user.

Vendor Response:

Microsoft has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline:

  • 2016-06-29 – Vulnerability reported to vendor
  • 2016-09-13 – Coordinated public release of advisory

Proof of Concept:


This vulnerability was discovered by Steven Seeley of Source Incite