Reported August 9, 2000 by Jesper M. Johansson

VERSIONS EFFECTED
  • Microsoft Excel 2000
  • Microsoft W
o rd 2000
  • Microsoft Powerpoint 2000

    DESCRIPTION

    An unchecked buffer exists in the code that parses data object tags within HTML-based Office 2000 documents. The flaw can be used to overflow the buffer space where arbitrary code could then be run on the system.

    VENDOR RESPONSE

    Microsoft issued FAQ #FQ00-056, Support Online article Q269880, as well as patch for the Office 2000 with Service Release 1 (SR-1 required to load the patch)

    CREDIT

    Discovered by Jesper M. Johansson