Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

1) An error within the processing of "SELECTION" records can be exploited to corrupt memory via a malicious Excel document containing a malformed "SELECTION" record.

According to the vendor, this vulnerability is being exploited in the wild.

2) Another error within the processing of "SELECTION" records can also be exploited to corrupt memory via a malicious Excel document containing a malformed "SELECTION" record.

3) An error within the processing of "COLINFO" records can be exploited to corrupt memory via a malicious Excel document containing a malformed "COLINFO" record.

4) An array index is taken directly from the Excel document when processing "OBJECT" records. This can be exploited to execute arbitrary code via a malicious Excel document containing a malformed "OBJECT" record.

5) An error within the processing of "FNGROUPCOUNT" values can be exploited to corrupt memory via a malicious Excel document containing a malformed "FNGROUPCOUNT" value.

6) An error within the processing of "LABEL" records can be exploited to corrupt memory via a malicious Excel document containing a malformed "LABEL" record.

7) An error when rebuilding files with malformed cell comments can be exploited to corrupt memory via a specially crafted Excel file.

8) A memory corruption error in the "repair mode" functionality used for repairing corrupted documents can be exploited to execute arbitrary code via a specially crafted Excel documents.

NOTE: This vulnerability is a so-called 0-day and is already being actively exploited.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) The vendor credits Posidron.
2) Wen Yujie, NSFocus Security Team.
3) Wen Yujie, NSFocus Security Team.
4) Sowhat of Nevis Labs (The vendor also credits Arnaud Dovi and iDEFENSE).
5) Xin Ouyang, Nevis Networks.
6) The vendor credits Shaun Colley, NGSS Consulting.
7) Discovered by Arnaud Dovi and reported via ZDI.
8) Discovered in the wild (the vendor also credits Costin Ionescu, Symantec)

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS06-037 (KB917285):
http://www.microsoft.com/technet/security/Bulletin/MS06-037.mspx

Microsoft:
http://www.microsoft.com/technet/security/advisory/921365.mspx
http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx

NSFocus:
http://www.nsfocus.com/english/homepage/research/0605.htm
http://www.nsfocus.com/english/homepage/research/0606.htm

Sowhat:
http://secway.org/advisory/AD20060711.txt

Zero Day Initiative:
http://www.zerodayinitiative.com/advisories/ZDI-06-022.html

Deep Links
Links available to Secunia VIM customers