A vulnerability has been identified in Office OCX Excel Viewer, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error in the "ExcelViewer.ocx" ActiveX control when calling certain methods e.g. "HttpDownloadFile()" with overly long arguments, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

Affected Products

Office OCX Excel Viewer version 3.1.0.6 and prior

Solution

Set a kill bit for the CLSID {18A295DA-088E-42D1-BE31-5028D7F9B965}.

VUPEN Security is not aware of any vendor-supplied patch.

References

http://www.vupen.com/english/advisories/2007/1613
http://moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html

Credits

Vulnerability reported by shinnai

Changelog

2007-05-02 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.