Skip to content
cyberexploits
localwindowstext

Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)

Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)

Published on 2016-04-14

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/windows/local/39694.txt7eac4c3a
raw
#######################################################################################



# Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution

# Application: Microsoft Office Excel

# Affected Products: Microsoft Office Excel 2007,2010,2013,2016

# Software Link: https://products.office.com/en-ca/excel

# Date: April 12, 2016

# CVE: CVE-2016-0122 (MS16-042)

# Author: Sébastien Morin from COSIG

# Contact: https://twitter.com/COSIG_ (@COSIG_)

# Personal contact: https://smsecurity.net/; https://twitter.com/SebMorin1 (@SebMorin1)



#######################################################################################



===================

Introduction:

===================



Microsoft Excel is a spreadsheet developed by Microsoft for Windows, Mac OS X, and iOS. It features calculation, graphing tools, pivot tables, and a macro programming language called Visual Basic for Applications. It has been a very widely applied spreadsheet for these platforms, especially since version 5 in 1993, and it has replaced Lotus 1-2-3 as the industry standard for spreadsheets. Excel forms part of Microsoft Office.



(https://en.wikipedia.org/wiki/Microsoft_Excel)



#######################################################################################



===================

Report Timeline:

===================



2016-02-06: Sébastien Morin from COSIG report the vulnerability to MSRC.

2016-02-16: MSRC confirm the vulnerability.

2016-04-12: Microsoft fixed the issue (MS16-042).

2016-04-13: Advisory released.

#######################################################################################



===================

Technical details:

===================



This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file (.xlsm). An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.



#######################################################################################



==========

POC:

==========



https://smsecurity.net/wp-content/uploads/2016/04/Microsoft_Office_Excel_Out-of-Bounds_Read_RCE.xlsm

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39694.zip



#######################################################################################
View on GitHub