Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption

Research

Home >> Research>> Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption

TSL ID	FSC20100309-11
CVE ID(s)	CVE-2010-0264
Severity	High
Description	A memory corruption vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to a flaw while parsing DbOrParamQry records. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate. Microsoft has provided patches to address this vulnerability at: http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
Affected Products	Microsoft Excel 2002 Microsoft Excel 2004 for Mac Microsoft Excel 2008 for Mac Microsoft Open XML File Format Convertor for Mac .
CVSS Score	Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Access vector is NETWORK Access complexity is MEDIUM Level of authentication required is NONE Impact of this vulnerability on data confidentiality is PARTIAL Impact of this vulnerability on data integrity is PARTIAL Impact of this vulnerability on data availability is PARTIAL Temporal 5.0 (E:U/RL:OF/RC:C): The exploitability level of this vulnerability is UNPROVEN The remediation level of this vulnerability is OFFICIAL FIX The report confidence level of this vulnerability is CONFIRMED