Buffer overflow in Microsoft Hyperlink Object Library

A buffer overflow in Windows targets Microsoft Excel spreadsheets

There's a buffer overflow within the Microsoft Hyperlink Object Library (hlink.dll) that allows a remote attacker to cause a denial of service attack and then possibly execute arbitrary code on the compromised PC. This is done via a long hyperlink, as demonstrated when using an Excel worksheet with a long HTML link in Unicode.

Although this sounds similar, this vulnerability is a different from the Unspecified vulnerability in Microsoft Excel, or CVE-2006-3059. This flaw was patched in Microsoft Security Bulletin MS06-050.

Additional Resources:

Featured Video