SRC-2016-0040 : Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability
CVE ID:
CVSS Score:
9.3, (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected Vendors:
Microsoft
Affected Products:
Office Excel
- Microsoft Excel 2007 Service Pack 3
- Microsoft Excel 2010 Service Pack 2 (32-bit editions)
- Microsoft Excel 2010 Service Pack 2 (64-bit editions)
- Microsoft Office Compatibility Pack Service Pack 3
- Microsoft Excel Viewer
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of binary Excel files (.xlsb). By providing a malformed file, an attacker can cause a pointer to be re-used after it has been freed. An attacker could leverage this to execute arbitrary code under the context of the current user.
Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3359
Disclosure Timeline:
- 2016-06-29 – Vulnerability reported to vendor
- 2016-09-13 – Coordinated public release of advisory
Proof of Concept:
https://github.com/sourceincite/poc/blob/master/SRC-2016-0040.xlsb
Credit:
This vulnerability was discovered by Steven Seeley of Source Incite