|Product||Microsoft Excel 2010, 2013, 2016 (x86 and x64)|
|Type||Out-Of-Bounds Array Access|
Microsoft Office is a suite of desktop applications consisting of Word, Excel, PowerPoint, Outlook and various other productivity applications. Among these, Word, Excel and PowerPoint implemented the Protected-View sandbox technology as a defense-in-depth exploit mitigation.
An out-of-bounds array access was discovered in the Excel broker's parsing of an attacker-controlled Protected-View Inter-Process Communication (IPC) message from the sandbox process.
Successful exploitation would allow an attacker to elevate his privileges from AppContainer to Medium, thereby breaking out of the Protected-View sandbox.
The vulnerability existed because the execution of the IPC message was influenced by a global flag which was set by a preceding IPC message. Subsequently, the broker process made an incorrect assumption about the array size and dereferenced an out-of-bounds object at a hardcoded offset.
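The bug class described above, shown as an added example that is not Excel's code or part of the original advisory: a constructed broker model in which a flag set by one message stands in for a size check in a later handler, next to a handler that validates the index at the point of use. All names, message types, sizes and the slot number are assumptions made for illustration.

```c
#include <stddef.h>

/* Constructed model; none of these names or sizes come from Excel. */
enum { CAPACITY = 8, FIXED_SLOT = 5 };
enum msg_type { MSG_SET_FLAG = 1, MSG_USE_SLOT = 2 };
struct ipc_msg { enum msg_type type; };

struct broker {
    int flag;              /* global state written by an earlier message */
    size_t count;          /* entries of objects[] that are actually valid */
    int objects[CAPACITY]; /* backing storage, so the demo never reads wild memory */
};

void broker_init(struct broker *b, size_t count) {
    b->flag = 0;
    b->count = count > CAPACITY ? CAPACITY : count;
    for (size_t i = 0; i < CAPACITY; i++)
        b->objects[i] = i < b->count ? (int)(100 + i) : -1; /* -1 marks stale slots */
}

/* Flawed pattern: the flag is treated as proof that the array is large enough. */
int handle_unchecked(struct broker *b, const struct ipc_msg *m, int *out) {
    switch (m->type) {
    case MSG_SET_FLAG:
        b->flag = 1;       /* sender-controlled; the array is not resized */
        return 0;
    case MSG_USE_SLOT:
        *out = b->objects[b->flag ? FIXED_SLOT : 0]; /* no check against count */
        return 0;
    }
    return -1;
}

/* Hardened pattern: check the index against the real size where it is used. */
int handle_checked(struct broker *b, const struct ipc_msg *m, int *out) {
    switch (m->type) {
    case MSG_SET_FLAG:
        b->flag = 1;
        return 0;
    case MSG_USE_SLOT: {
        size_t idx = b->flag ? FIXED_SLOT : 0;
        if (idx >= b->count)
            return -1;     /* reject the message instead of trusting the flag */
        *out = b->objects[idx];
        return 0;
    }
    }
    return -1;
}
```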
Avoid opening Microsoft Office Excel files from untrusted sources.
Users should apply the July security updates from Microsoft.
Please refer to the attached advisory.
|2017-03-30||MWR Labs reported vulnerability and POC to MSRC|
|2017-03-30||MSRC acknowledged and opened MSRC case 38000|
|2017-04-05||MSRC confirmed they have reproduced the vulnerability|
|2017-06-17||MSRC responded that this will be patched in July 2017|
|2017-07-11||MSRC assigned CVE-2017-8502 and released patch for this vulnerability|
|2017-11-23||MWR Labs released advisory|