Here’s something I haven’t seen before. Up for auction at eBay: Brand new Microsoft Excel Vulnerability.
The vulnerability was discovered on December 6th 2005, all the details were submitted to Microsoft, and the reply was received indicating that they may start working on it. It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product).
More specifically:
Microsoft Excel does not perform sufficient data validation when parsing document files. As a result, it is possible to pass a large counter value to msvcrt.memmove() function which causes critical memory regions to be overwritten, including the stack space. The vulnerability can be exploited to compromise a user’s PC. It is feasible to manipulate the data in the document file to get a code of attacker’s choice executed when malicious file is opened by MS Excel. The exploit code is not included in the auction. You must have very advanced skills if you want to further research this vulnerability.
Part of the terms and conditions:
You may not use this information for malicious or illegal purposes. The information you receive is for educational and research purposes only.
“You may not use this information for malicious or illegal purposes. “
Yeah right. It’s kind of like the gun law thing…
I see this item has been removed from eBay…
What is msvcrt.memmove()?
Would you need to call that via VBA code? If so I don’t see this as a major problem, because if you allow macros you can do just about anything with the user’s computer anyway.
Is there another way to access this function in Excel besides VBA? I feel I am missing something here.
i would guess it’s a c API. I think what hes saying is that you could open an excel file and use the hole to excute your “malicious” code.
From The Register: eBay pulls Excel vulnerability auction
#4, but you could use VBA with no API calls and write really malicious code if you wanted. That is why I was wondering if maybe there was some non-VBA way to run memmove() in Excel? Otherwise I don’t see the big deal. I must be missing something.