Buffer overflow in Microsoft Hyperlink Object Library

A buffer overflow in Windows targets Microsoft Excel spreadsheets

There's a buffer overflow within the Microsoft Hyperlink Object Library (hlink.dll) that allows a remote attacker to cause a denial of service attack and then possibly execute arbitrary code on the compromised PC. This is done via a long hyperlink, as demonstrated when using an Excel worksheet with a long HTML link in Unicode.

Although this sounds similar, this vulnerability is a different from the Unspecified vulnerability in Microsoft Excel, or CVE-2006-3059. This flaw was patched in Microsoft Security Bulletin MS06-050.

Additional Resources:

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.


    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET


    Delete your photos by mistake?

    Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.