Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Swordmaker
According to Microsoft, this flaw exists in the Mac OS X version of Excel as well as all current PC versions. However the flaw works by creating a buffer overflow.

The vulnerability is caused due to a boundary error in hlink.dll within the handling of Hyperlinks in e.g. Excel documents. This can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted Hyperlink in a malicious Excel document.
Secunia Excel Security Report

This is not as serious a flaw for Mac OS X users. Unlike Windows, OS X does not permit execution of any executable from the buffer... so the most it can do is to crash Excel on a Mac.

3 posted on 06/20/2006 7:53:55 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!")
[ Post Reply | Private Reply | To 1 | View Replies ]

To: Swordmaker
...execution of any executable from the buffer...

Oops, make that "Execution of any executable from the stack."

4 posted on 06/20/2006 7:59:48 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!")
[ Post Reply | Private Reply | To 3 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson