This application requires Javascript for optimal performance.

MS.Office.Excel.Mdxtuple.Heap.Overflow

Release Date

Mar 10, 2010

Severity

high

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attack attempt against a memory corruption vulnerability in Microsoft Office Excel.

The vulnerability is caused by an error when the vulnerable software handles a malicious .xls file. It allows a remote attacker to execute arbitrary code via sending a crafted .xls page.

Affected Products

Microsoft Office Excel 2007 Service Pack 1 and Microsoft Office Excel 2007 Service Pack 2
Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office Excel Viewer Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms10-017.mspx

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2010-0260

Reference/s

http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx (MS-ID)

Reference: VID-18276