COSIG-2016-17

#######################################################################################

# Application: Microsoft Office Excel
# Platforms: Windows, OSX
# Versions: Microsoft Office Excel 2007, 2010, 2013, 2016
# Author: Sébastien Morin of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @COSIG_
# Date: April 12, 2016
# CVE: CVE-2016-0122
# COSIG-2016-17

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#######################################################################################

===================
1) Introduction
===================

Microsoft Excel is a spreadsheet developed by Microsoft for Windows, Mac OS X, and iOS. It features calculation,
graphing tools, pivot tables, and a macro programming language called Visual Basic for Applications. It has been a
very widely applied spreadsheet for these platforms, especially since version 5 in 1993, and it has replaced Lotus 1-2-3
as the industry standard for spreadsheets. Excel forms part of Microsoft Office.

(https://en.wikipedia.org/wiki/Microsoft_Excel)

#######################################################################################

===================
2) Report Timeline
===================

2016-02-06: Sébastien Morin of COSIG reported the vulnerability to MSRC.
2016-02-16: MSRC confirmed the vulnerability.
2016-04-12: Microsoft fixed the issue (MS16-042).
2016-04-13: Advisory released.

#######################################################################################

===================
3) Technical details
===================

This vulnerability allows remote code execution if a user opens a specially crafted Microsoft Office file (.xlsm).
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

#######################################################################################

==========
4) POC
==========

COSIG-2016-17

#######################################################################################