Full Disclosure mailing list archives

Re: MS Excel Remote Code Execution POC Exploit
From: naveed <naveedafzal () gmail com>
Date: Sun, 25 Jun 2006 11:59:57 +0500

Yes, I have confirmed this in a post to Bugtraq; the issue is with hlink.dll.

On 6/25/06, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
It appears that two references mentioned in the code posting (see Advisories) are erroneous.
The code posting describes an error while handling malformed URL strings; i.e. this is the vulnerability mentioned at


Let's say the so-called 2nd Excel vulnerability reported within a week.
This issue is also known as the Windows hlink.dll vulnerability, see

- Juha-Matti

naveed <naveedafzal () gmail com> wrote:

* Microsoft Excel Remote Code Execution Proof Of Concept.
* Tested against : Excel 2000 on Win XP SP1 , and Win2000 SP4
* Description:
* Microsoft Excel is prone to a remote code execution issue
* which may be triggered when a malformed Excel document is opened.
* The issue is due to an error in Excel while handling malformed URL
* strings. There may be other ways to trigger this vulnerability;
* successful exploitation could allow an attacker to execute
* arbitrary code with the privileges of the user running Excel.
* Code execution is dependent upon certain factors including the
* overflow condition, the MS Excel version and the host OS and SP.
* If you cannot get it to work, attach it with the debugger check
* the stack layout and the rest is on your imagination. :) :)
* Compile with MS VC++ or g++; it will generate the Excel file.
* Clicking the link in the file binds the shell,
* C:\nc localhost 4444
* Advisories:
* http://www.microsoft.com/technet/security/advisory/921365.mspx
* http://www.securityfocus.com/bid/18422/


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
