Buffer overflow in Microsoft Hyperlink Object Library

A buffer overflow in Windows targets Microsoft Excel spreadsheets

There's a buffer overflow within the Microsoft Hyperlink Object Library (hlink.dll) that allows a remote attacker to cause a denial of service attack and then possibly execute arbitrary code on the compromised PC. This is done via a long hyperlink, as demonstrated when using an Excel worksheet with a long HTML link in Unicode.

Although this sounds similar, this vulnerability is a different from the Unspecified vulnerability in Microsoft Excel, or CVE-2006-3059. This flaw was patched in Microsoft Security Bulletin MS06-050.

Additional Resources:

Tags:
Mobile
About the author

    As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

     

    ARTICLE DISCUSSION

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    Hot on CNET

    CNET's giving away a 3D printer

    Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.