[VIM] nanika Excel buffer overflow is new
Steven M. Christey
coley at mitre.org
Fri Jul 7 15:06:34 EDT 2006
FYI, I contacted Microsoft and they confirmed that the nanika Excel
overflow is new. The CVE is below.
Reference: BUGTRAQ:20060703 Excel 2000/XP/2003 Style 0day POC
Reference: BUGTRAQ:20060707 Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs
Buffer overflow in certain Asian language versions of Microsoft Excel
might allow user-complicit attackers to execute arbitrary code via a
crafted spreadsheet that triggers the overflow when the user attempts
to repair the document or selects the "Style" option, as demonstrated
by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that
this is different than the other Excel vulnerabilities announced
before 20060707, including CVE-2006-3059 and CVE-2006-3086.
More information about the VIM