This module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack- based buffer overflow. This results aribrary code execution under the context of user the user.

Module Name

exploit/windows/fileformat/ms11_021_xlb_bof

Authors

• Aniway
• abysssec
• sinn3r <sinn3r [at] metasploit.com>
• juan vazquez <juan.vazquez [at] metasploit.com>

References

• CVE-2011-0105
• OSVDB-71765
• MSB-MS11-021
• ZDI-11-121
• URL: http://www.abysssec.com/blog/2011/11/02/microsoft-excel-2007-sp2-buffer-overwrite-vulnerability-ba-exploit-ms11-021/

Targets

• Microsoft Office Excel 2007 on Windows XP
• Microsoft Office Excel 2007 SP2 on Windows XP

Platforms

• windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

msf > use exploit/windows/fileformat/ms11_021_xlb_bof

msf exploit(ms11_021_xlb_bof) > show targets …targets…

msf exploit(ms11_021_xlb_bof) > set TARGET <target-id>

msf exploit(ms11_021_xlb_bof) > show options …show and set options…

msf exploit(ms11_021_xlb_bof) > exploit

Related Vulnerabilities

• MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) [Office for Mac]
• MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

Youtube Tutorial