Metasploit modules that can be used to exploit Microsoft » Excel Viewer
-
MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability
Disclosure Date: 2009-11-10First seen: 2020-04-26exploit/windows/fileformat/ms09_067_excel_featheaderThis module exploits a vulnerability in the handling of the FEATHEADER record by Microsoft Excel. Revisions of Office XP and later prior to the release of the MS09-067 bulletin are vulnerable. When processing a FEATHEADER (Shared Feature) record, Microsoft used a data structure from the file to calculate a pointer offset without doing proper validation. Attacker supplied data is then used to calculate the location of an object, and in turn a virtual function call. This results in arbitrary code execution. NOTE: On some versions of Office, the user will need to dismiss a warning dialog prior to the payload executing. Authors: - Sean Larsson - jduck <jduck@metasploit.com>
1 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details