Skip to content


This seems to be a popular search:


Sometimes it is just this:


Could this be meant for XLSX; the flaw in Microsoft decompression of XLSX files?

The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.

The problem was from a lack of validation on the ZIP header when the XML was decompressed. This allowed memory space to be exploited and then remote code could be executed. The vulnerabilities were reported (seven of them) in July of 2009 and Microsoft released a fix in March 2010 with MS10-017

Not XLlpX, but similar.

Posted in Security.

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Some HTML is OK

or, reply to this post via trackback.