Microsoft Excel SxView Record Parsing Heap Memory Corruption

vendor:

Microsoft Excel

by:

Shahin

7.5

CVSS

HIGH

Heap Memory Corruption

CWE

Product Name: Microsoft Excel

Affected Version From: Excel 2002 SP3

Affected Version To:

Patch Exists: YES

Related CWE: CVE-2010-1245

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2010

Microsoft Excel SxView Record Parsing Heap Memory Corruption

The vulnerability exists in Microsoft Excel 2002 SP3. An attacker can exploit this vulnerability to corrupt the heap memory, leading to potential remote code execution.

Mitigation:

Apply the latest security patches from Microsoft to address this vulnerability.

Source

Exploit-DB raw data:

'''
  __  __  ____         _    _ ____
 |  \/  |/ __ \   /\  | |  | |  _ \
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ <  (day 29 binary analysis)
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/
  
'''
  
  Title               :  Microsoft Excel SxView  Record Parsing Heap Memory Corruption
  Version             :  Excel 2002 SP3
  Analysis            :  http://www.abysssec.com
  Vendor              :  http://www.microsoft.com
  Impact              :  High
  Contact             :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter             :  @abysssec
  CVE                 :  CVE-2010-1245
  
here is BA : http://www.exploit-db.com/moaub-29-microsoft-excel-sxview-record-parsing-memory-corruption/
here is the PoC : https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15148.rar (moaub-29-exploit.rar)