Fortinet Security Advisory: FSA-2006-08
Fortinet Security Advisory: FSA-2006-08
Microsoft Excel Column Index Improper Memory Access
Advisory Date : March 14, 2006
Reported Date : January 24, 2006
Vendor : Microsoft
Affected Products : Microsoft Excel 2003 Chinese Version
Windows XP Home Edition Chinese Version and
possible all versions of Microsoft Excel.
Severity : High
Reference :
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0029
http://www.securityfocus.com/bid/15780
Description : Fortinet Security Research Team (FSRT) has discovered a
Improper Memory Access Vulnerability in the Microsoft Excel software. This
vulnerability is due to Microsoft Excel's manipulation of opcode 0x001D, when
provided with a random Column Index, it will cause a Improper Memory Access. An
remote attacker could construct a .xls file and put it on controlled web site.
When the user opens the .xls file with Microsoft Internet Explorer, the browser
will call Microsoft Excel to open the .xls file automatically, and this will
cause Microsoft Excel to crash. If excel file is specially crafted, it may
allow attackers to execute arbitrary code on the affected system.
Impact : Execution of arbitrary code leading to system compromise.
Solution : Microsoft has released a update for this vulnerability,
which is available for downloading from Microsoft web site, see reference.
Fortinet Protection: FortiGate series of security systems have been updated to
detect exploits targeting this vulnerability.
Acknowledgment : Dejun Meng of Fortinet Security Research team found this
vulnerability.
Disclaimer : Although Fortinet has attempted to provide accurate
information in these materials, Fortinet assumes no legal responsibility for
the accuracy or completeness of the information. More specific information is
available on request from Fortinet. Please note that Fortinet's product
information does not constitute or contain any guarantee, warranty or legally
binding representation, unless expressly identified as such in a duly signed
writing.