iDefense Security Advisory 05.14.09 – Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.’s Outside In Technology, as included in various vendors’ software distributions, allow attackers to execute arbitrary code. Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/77567/05.14.09-5.txt
Source: https://packetstormsecurity.com/files/77567/iDEFENSE-Security-Advisory-2009-05-14.5.html