Office OCX ExcelViewer.OCX Excel Viewer ActiveX Denial of Service Vulnerabilities

Bugtraq ID:	23755
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-2495
Remote:	Yes
Local:	No
Published:	May 02 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	shinnai is credited with the discovery of these vulnerabilities.
Vulnerable:	Office OCX Excel Viewer 3.1
Not Vulnerable:

Office OCX ExcelViewer.OCX Excel Viewer ActiveX Denial of Service Vulnerabilities

Excel Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

Excel Viewer ActiveX Control 3.1 is reported vulnerable to these issues; other versions may also be affected.

Office OCX ExcelViewer.OCX Excel Viewer ActiveX Denial of Service Vulnerabilities

The following proof of concept is available:

• /data/vulnerabilities/exploits/Excel Viewer_ActiveX_exp.txt

Office OCX ExcelViewer.OCX Excel Viewer ActiveX Denial of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Office OCX ExcelViewer.OCX Excel Viewer ActiveX Denial of Service Vulnerabilities

References:

• Excel Viewer OCX Homepage (Office OCX)
  
• MoAxB #02: ExcelViewer.ocx 3.1 multiple methods DoS (shinnai)