iDefense Security Advisory 06.09.09 – Remote exploitation of an integer overflow vulnerability in Microsoft Corp.’s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained inside of the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap based buffer overflow when the array is filled with pointers to strings from the file.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78289/06.09.09-1.txt
Source: https://packetstormsecurity.com/files/78289/iDEFENSE-Security-Advisory-2009-06-09.1.html