Fortinet Discovers Multiple Memory Corruption Vulnerabilities In Microsoft Office Excel Excel.exe Module
Fortinet's FortiGuard Labs has discovered multiple memory corruption vulnerabilities in Microsoft Office Excel Excel.exe Module.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jun 09, 2009
Use the solution provided by Microsoft.
All the three vulnerabilities lie in "excel.exe", which is used when processing an Excel file. A maliciously crafted document may contain a malformed 1) BRAI record(0x1051)or 2) Object record(0x5d)or 3)Formularecord (0x06) that when processed, will result in memory corruption and allow a remote attacker to arbitrarily execute code on the victims machine.
Bing Liu of Fortinet's FortiGuard Global Security Research Team