iDefense Security Advisory 05.14.09 – Remote exploitation of a buffer overflow vulnerability in Oracle Corp.’s Outside In Technology, as included in various vendors’ software distributions, allows attacker to execute arbitrary code. This vulnerability exists due to the lack of bounds checking when processing certain records within a Microsoft Excel spreadsheet. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit. By crafting an Excel spreadsheet file properly, it is possible to write beyond the bounds of the stack buffer. The resulting stack corruption leads to arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/77566/05.14.09-4.txt
Source: https://packetstormsecurity.com/files/77566/iDEFENSE-Security-Advisory-2009-05-14.4.html