Title : Microsoft Office Excel 2010 memory corruption
Version : Microsoft Office professional Plus 2010
Date : 2012-10-27
Vendor : http://office.microsoft.com
Impact : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
tested : XP SP3 ENG
###############################################################################
Bug :
----
memory corruption during the handling of the xls files a context-dependent attacker
can execute arbitrary code.
----
################################################################################
(b4c.1350): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000584
ebx=00135070
ecx=00001000
edx=0000105f
esi=06a80800
edi=00000040
eip=301ce0d0
esp=001302f0
ebp=00131d6c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Excel.exe -
Excel!Ordinal40+0x1ce0d0:
301ce0d0 668b5008 mov dx,word ptr [eax+8] ds:0023:0000058c=????
################################################################################
Proof of concept included.
http://www36.zippyshare.com/v/48422905/file.html
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22330.rar
