This module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine and the number of bytes to copy, causing a stack-based buffer overflow. This results in arbitrary code execution in the context of the user.
Module Name
exploit/windows/fileformat/ms11_021_xlb_bof
Authors
- Aniway
- abysssec
- sinn3r <sinn3r [at] metasploit.com>
- juan vazquez <juan.vazquez [at] metasploit.com>
References
- CVE-2011-0105
- OSVDB-71765
- MSB-MS11-021
- ZDI-11-121
- URL: http://www.abysssec.com/blog/2011/11/02/microsoft-excel-2007-sp2-buffer-overwrite-vulnerability-ba-exploit-ms11-021/
Targets
- Microsoft Office Excel 2007 on Windows XP
- Microsoft Office Excel 2007 SP2 on Windows XP
Platforms
- windows
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/fileformat/ms11_021_xlb_bof
msf exploit(ms11_021_xlb_bof) > show targets
…targets…
msf exploit(ms11_021_xlb_bof) > set TARGET <target-id>
msf exploit(ms11_021_xlb_bof) > show options
…show and set options…
msf exploit(ms11_021_xlb_bof) > exploit
Related Vulnerabilities
- MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) [Office for Mac]
- MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)