NCSS 2007 Spreadsheet File Processing Array-Indexing
NCSS 2007 Spreadsheet File Processing Array-Indexing Vulnerability
Release Date : 2011-09-29
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched
Software: NCSS 2007 7.x
Luigi Auriemma has discovered a vulnerability in NCSS 2007, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an array-indexing error in the VCF132.OCX module when processing certain data and can be exploited to corrupt memory via a specially crafted Spreadsheet file (".s0").
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vulnerability is confirmed in version 07.1.21. Other versions may also be affected.
Do not open files from untrusted sources.
Provided and/or discovered by: