Intel Security
open

(MS10-038) Microsoft Office Excel RTD Memory Corruption Vulnerability (2027452)

Threat Detail

  • Vulnerability Type: Logic error
  • Impact of Exploitation: Maliciously Crafted File
  • CVE Reference: N/A

A vulnerability exists in Microsoft Office Excel that could result in remote code execution.

A vulnerability exists in Microsoft Office Excel that could result in remote code execution. The vulnerability is in the way that Excel handles specially crafted Excel files. Successful exploitation of this vulnerability could allow an attacker to take complete control of an affected system.

Attack Vector

Maliciously Crafted File

User Interaction

no user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Windows   XP SP3,

2010-06-08

Vendor has provided a patch.

2010-09-10

A proof of concept has been released.

The vendor has released an update to address this issue
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx

(MS10-038) Microsoft Office Excel RTD Memory Corruption Vulnerability (2027452)
http://www.microsoft.com/technet/security/bulletin/MS10-038.mspx