Additional security flaw in Excel due to buffer overflow
Shortly after acknowledging a security flaw in Excel, Microsoft has confirmed yet another hole in its spreadsheet program. This time, clicking on long links in Excel documents causes a buffer overflow. According to the security specialists at Secunia, the hole can be used to inject arbitrary code and have it executed. Attackers can thus infect a system with viruses and worms by means of specially prepared documents.
Unlike the hole discovered last week, this time simply opening a document is not enough to infect your computer. Rather, users have to actively click on a manipulated link in an Excel file. Because user interaction is required, Secunia rated the problem "highly critical" instead of "extremely critical". The flaw is found in the Windows component hlink.dll, which is used by Excel and other applications and ships with Windows 2000, XP, and Server 2003.
The following applications are all affected: Excel 2000, 2002, 2003, Excel Viewer 2003, Office 2000, Office 2003 Professional Edition, Office 2003 Small Business Edition, Office 2003 Standard Edition, Office 2003 Student, the Teacher Edition, and Office XP. It is not currently clear when the problem occurs and whether Word documents are also affected.
No patch is yet available, and the other hole in Excel is also still wide open; Redmond has only released a workaround for the latter.
- Information on Proof of Concept posting about hlink.dll, blog entry at the Microsoft Security Response Center
- Microsoft Excel Unicode Overflow, error report at Full Disclosure