New Search

Record Integer Overflow Vulnerability

oval:org.mitre.oval:def:5925

Integer overflow in Excel in Microsoft Office 2000 SP3 Office XP SP3 Office 2003 SP3 and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word Excel and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings which triggers a heap-based buffer overflow aka "Record Integer Overflow Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2009-0561
Product(s):
  • Microsoft Excel 2002
  • Microsoft Office Compatibility Pack
  • Microsoft Excel 2000
  • Microsoft Excel 2003
  • Microsoft Office Excel Viewer
  • Microsoft Office Excel Viewer 2003
  • Microsoft Office SharePoint Server 2007
  • Microsoft Excel 2007