Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability

vendor:

Excel

by:

Shahin

9,3

CVSS

HIGH

Remote Code Execution

119

CWE

Product Name: Excel

Affected Version From: Excel 2002 SP3

Affected Version To: Excel 2002 SP3

Patch Exists: YES

Related CWE: CVE-2010-1248

CPE: a:microsoft:excel:2002:sp3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability

A vulnerability in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Excel file containing a malformed HFPicture record, as exploited in the wild in June 2010.

Mitigation:

Microsoft has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

'''
  __  __  ____         _    _ ____  
 |  \/  |/ __ \   /\  | |  | |  _ \ 
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ <  (day 16 binary anlysis)
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/ 

'''

  Title               :  Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability
  Version             :  Excel 2002 SP3
  Analysis            :  http://www.abysssec.com
  Vendor              :  http://www.microsoft.com
  Impact              :  High
  Contact             :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter             :  @abysssec
  CVE                 :  CVE-2010-1248

here is BA : http://www.exploit-db.com/maoub-16-microsoft-excel-hfpicture-record-parsing-remote-code-execution-vulnerability/
here is the PoC : https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15019.rar (HFPicture_PoC.rar)