|
Microsoft Excel Three Code Execution Vulnerabilities
|
|
Secunia Advisory:
|
SA25150
|
|
|
Release Date:
|
2007-05-08
|
|
Last Update:
|
2007-05-09
|
|
Popularity:
|
10,018 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office XP
|
|
|
Binary Analysis:
|
BA127 :: Available for Credits 
BA126 :: Available for Credits
BA125 :: Available for Credits
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2007-0215
CVE-2007-1203
CVE-2007-1214
|
|
Description:
Three vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when handling malformed BIFF records can be exploited to cause a stack-based buffer overflow via a malicious file containing a specially crafted Named Graph record.
2) An error when handling set font values within Excel files can be exploited to corrupt memory via a malicious file containing a specially crafted set font value.
3) An input validation error when handling filter records can be exploited to corrupt memory via a specially crafted file.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Solution:
Apply patches.
Microsoft Excel 2000 (Office SP3):
http://www.microsoft.com/downloads/de...=5F101D03-C0A7-41E0-95A4-A12AFB356D5F
Microsoft Excel 2002 (Office SP3):
http://www.microsoft.com/downloads/de...=29596861-D9F0-4A10-9E1C-CDA75DDE017D
Microsoft Excel 2003 (Office SP2):
http://www.microsoft.com/downloads/de...=9567C583-556F-4379-80BA-3E0C8993C04C
Microsoft Excel 2003 Viewer:
http://www.microsoft.com/downloads/de...=3C7F18AC-24BB-41CF-B8DA-997706FDC44C
Microsoft Office Excel 2007:
http://www.microsoft.com/downloads/de...=CED9F11B-CE48-47A3-9288-BD11B80F3D85
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/de...=50A7924F-DB51-438A-B27D-37E40A471E60
Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac
Provided and/or discovered by:
1) Discovered by Manuel Santamarina Suarez and reported via ZDI.
2) Reported by the vendor.
3) Greg MacManus, iDefense Labs.
Changelog:
2007-05-09: Added additional information from ZDI and iDefense Labs. Added link to US-CERT.
Original Advisory:
MS07-023 (934233):
http://www.microsoft.com/technet/security/Bulletin/MS07-023.mspx
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-026.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=527
Other References:
US-CERT VU#253825:
http://www.kb.cert.org/vuls/id/253825
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
