CERT-In Vulnerability Note CIVN-2007-02
Microsoft Excel Malformed Column Record, Palette Record, IMDATA Record and String Vulnerabilities

Original Issue Date: January 11, 2007

Severity Rating: High

Systems Affected

  • Microsoft Office 2000 Service Pack 3 and Microsoft Excel 2000
  • Microsoft Office XP Service Pack 3 and Microsoft Excel 2002
  • Microsoft Office 2003 Service Pack 2 and Microsoft Excel 2003, Microsoft Office Excel Viewer 2003
  • Microsoft Works Suites: Microsoft Works Suite 2004, Microsoft Works Suite 2005
  • Microsoft Office 2004 for Mac
  • Microsoft Office v. X for Mac

Overview

Multiple vulnerabilities have been reported in the way Microsoft Excel handles IMDATA, Column and Palette records. A remote attacker who successfully exploits these vulnerabilities could take complete control of the affected system.

Description

1. Excel Malformed IMDATA Record Vulnerability (CVE-2007-0027)

This vulnerability is caused by insufficient data validation in Excel when processing IMDATA records. An attacker could exploit this vulnerability by creating a maliciously crafted Excel document and persuading a user to open it. When Excel opens the specially crafted file and parses a malformed IMDATA record, it may corrupt system memory in such a way that the attacker could execute arbitrary code.

2. Excel Malformed Record Vulnerability (CVE-2007-0028)

This vulnerability is caused by insufficient data validation in Excel when processing the content of a file. An attacker could exploit this vulnerability by creating a malicious file and enticing a user to open it. When Excel parses the malicious file and processes a malformed record, the remote attacker could execute arbitrary code on the victim's system.

3. Excel Malformed String Vulnerability (CVE-2007-0029)

This vulnerability is caused because Excel does not perform sufficient data validation when processing the content of a file. An attacker could exploit this vulnerability by creating a malicious file containing a malformed string and enticing a user to open it. When Excel parses the malicious string, the remote attacker could execute arbitrary code on the victim's system.

4. Excel Malformed Column Record Vulnerability (CVE-2007-0030)

This vulnerability is caused because Excel fails to properly handle malformed Column records. When an Excel file is opened, Excel does not properly perform data validation on the Column record. An attacker could exploit this vulnerability by creating a specially crafted Column record in an Excel file and enticing a user to open it. When this malicious file is opened, system memory could be corrupted, allowing the attacker to execute arbitrary code.

5. Excel Malformed Palette Record Vulnerability (CVE-2007-0031)

This vulnerability is caused because Excel fails to perform data validation on Palette records embedded in documents. An attacker could exploit this vulnerability by creating a specially crafted Palette record in an Excel file and enticing a user to open it. When this malicious file is opened, system memory could be corrupted, allowing the attacker to execute arbitrary code.

Note: If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
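
The items above all describe record fields being processed without sufficient validation. The following added example (not part of the advisory and not vendor code) walks the record stream of an Excel 97-2003 workbook and flags Column (COLINFO), Palette and IMDATA records whose declared sizes or ranges are structurally inconsistent; it does not reproduce the specific malformations, which the advisory does not describe. Assumptions: the record ids, field layouts and the 8224-byte payload limit are taken from public BIFF8 documentation, the input is the raw Workbook stream already extracted from its OLE2 container, and `audit_stream`, `check_payload`, `record` and `SAMPLE` are names chosen here.

```python
import struct

# Assumed layouts: public BIFF8 (Excel 97-2003) documentation, not the advisory.
COLINFO, IMDATA, PALETTE = 0x007D, 0x007F, 0x0092
MAX_PAYLOAD = 8224  # largest payload a single BIFF8 record may carry

def check_payload(rec_id, data):
    """Return a description of a structural problem, or None if consistent."""
    if rec_id == PALETTE:
        if len(data) < 2:
            return "PALETTE shorter than its colour count field"
        (count,) = struct.unpack_from("<H", data)
        if len(data) != 2 + 4 * count:
            return f"PALETTE declares {count} colours but carries {len(data) - 2} bytes"
    elif rec_id == COLINFO:
        if len(data) < 4:
            return "COLINFO shorter than its column range fields"
        first, last = struct.unpack_from("<HH", data)
        if not first <= last <= 256:  # 256 tolerated: some writers emit it
            return f"COLINFO column range {first}-{last} is out of bounds"
    elif rec_id == IMDATA and len(data) < 8:
        return "IMDATA shorter than its 8-byte fixed header"
    return None

def audit_stream(stream):
    """Walk a raw workbook stream and return [(offset, problem), ...]."""
    findings, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            findings.append((pos, "truncated record header"))
            break
        rec_id, size = struct.unpack_from("<HH", stream, pos)
        data = stream[pos + 4 : pos + 4 + size]
        if size > MAX_PAYLOAD or len(data) != size:
            findings.append((pos, f"record 0x{rec_id:04X}: length {size} exceeds limit or stream"))
            break  # record framing can no longer be trusted
        problem = check_payload(rec_id, data)
        if problem:
            findings.append((pos, problem))
        pos += 4 + size
    return findings

def record(rec_id, data):  # builds the constructed sample below
    return struct.pack("<HH", rec_id, len(data)) + data

# Constructed sample: consistent PALETTE, inconsistent PALETTE, inverted COLINFO.
SAMPLE = (record(PALETTE, struct.pack("<H", 2) + bytes(8))
          + record(PALETTE, struct.pack("<H", 56) + bytes(8))
          + record(COLINFO, struct.pack("<HHHHHH", 9, 3, 2048, 15, 0, 0)))
```

`audit_stream(SAMPLE)` reports the second and third records; a finding is a reason to quarantine the file for analysis, and a clean result is not proof that a file is safe.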

Workaround

Do not open or save Microsoft Excel files received from untrusted sources.

Solution

Apply the appropriate updates as mentioned in Microsoft Security Bulletin MS07-002.

Vendor Information

http://www.microsoft.com/technet/security/bulletin/ms07-002.mspx

References

Secunia
http://secunia.com/advisories/23676/

Security Focus
http://www.securityfocus.com/bid/21856
http://www.securityfocus.com/bid/21952
http://www.securityfocus.com/bid/21877
http://www.securityfocus.com/bid/21925
http://www.securityfocus.com/bid/21922

Security Tracker
http://securitytracker.com/alerts/2007/Jan/1017487.html

FrSIRT
http://www.frsirt.com/bulletins/8666

CVE Name
CVE-2007-0027
CVE-2007-0028
CVE-2007-0029
CVE-2007-0030
CVE-2007-0031

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003