Microsoft Office Excel 2013 memory corruption



EKU-ID: 2780 CVE: OSVDB-ID:
Author: coolkaveh Published: 2012-11-13 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


Title     :  Microsoft Office Excel 2013 memory corruption 
Version   :  Microsoft Office professional Plus 2013
Date      :  2012-11-10
Vendor    :  http://office.microsoft.com 
Impact    :  Med/High 
Contact   :  coolkaveh [at] rocketmail.com 
Twitter   :  @coolkaveh 
tested    :  Windows 7
############################################################################### 
Bug : 
---- 
memory corruption during the handling of the xls files a context-dependent attacker  
can execute arbitrary code. 
----  
################################################################################
(ca8.b38): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000170 
ebx=0873cf6c 
ecx=00000170 
edx=00000008 
esi=01bc1fd0 
edi=00000180
eip=0047f35e esp=001f23ac ebp=001f23b8 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for Excel.exe - 
Excel!Ordinal43+0x1af35e:
0047f35e 8a07            mov     al,byte ptr [edi]          ds:0023:00000180=??
0:000> k
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
001f23b8 00630a89 Excel!Ordinal43+0x1af35e
001f2424 00630afc Excel!Ordinal43+0x360a89
001f243c 00435e1a Excel!Ordinal43+0x360afc
001f3f28 0043ccb0 Excel!Ordinal43+0x165e1a
001f4554 0042e0b1 Excel!Ordinal43+0x16ccb0
001f47e0 0042ec5e Excel!Ordinal43+0x15e0b1
001f4cc8 0042da24 Excel!Ordinal43+0x15ec5e
001f4cdc 00424325 Excel!Ordinal43+0x15da24
001f4dc8 00424183 Excel!Ordinal43+0x154325
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll - 
001f4f70 5eee27b2 Excel!Ordinal43+0x154183
001f5044 5eee2d21 mso!Ordinal570+0x193c
001f50a4 5eee2848 mso!Ordinal570+0x1eab
001f5104 5eee2d21 mso!Ordinal570+0x19d2
001f5164 5eee297a mso!Ordinal570+0x1eab
001f5224 5eeeb23f mso!Ordinal570+0x1b04
001f526c 00423f5d mso!Ordinal8585+0x463
001f52fc 00423fe4 Excel!Ordinal43+0x153f5d
001f611c 00406f24 Excel!Ordinal43+0x153fe4
001f6fa8 0040a5c1 Excel!Ordinal43+0x136f24
001f72a8 003fa7c1 Excel!Ordinal43+0x13a5c1
################################################################################
Proof of concept included.
http://www29.zippyshare.com/v/55114943/file.html