E18-0pgo1
CVSS:
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
False Positive:
t
Variants:
4
Year:
2018
Description
This strike exploits a heap-based buffer overflow vulnerability in Microsoft JET Database Engine components of Microsoft Windows. The vulnerability is due to improper handling of input passed to ExcelReadTotalRecord method within the msexcl40.DLL library. The vulnerability can be exploited by crafting a malicious Excel file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with user privileges.
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB
{}