|
 |
|
Microsoft Excel Multiple Code Execution Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA28506
|
|
|
Release Date:
|
2008-01-16
|
|
Last Update:
|
2008-03-14
|
|
|
Critical:
|
Extremely critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
|
| | CVE reference: | CVE-2008-0081 (Secunia mirror)
CVE-2008-0111 (Secunia mirror)
CVE-2008-0112 (Secunia mirror)
CVE-2008-0114 (Secunia mirror)
CVE-2008-0115 (Secunia mirror)
CVE-2008-0116 (Secunia mirror)
CVE-2008-0117 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.
1) An error in the handling of macros can be exploited via a specially crafted Excel file to execute arbitrary code.
NOTE: According to Microsoft, this vulnerability is currently being actively exploited.
2) An error when processing data validation (DVAL) records can be exploited to corrupt memory via a specially crafted Excel file.
3) An error when importing files into Excel can be exploited via a specially crafted .slk file.
4) An error in the handling of style records can be exploited to corrupt memory via a specially crafted Excel file.
5) An error in the parsing of formulas can be exploited to corrupt memory via a specially crafted Excel file.
6) An error in the handling of rich text values can be exploited via a specially crafted Excel file.
7) An error in the handling of conditional formatting values can be exploited via a specially crafted Excel file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Apply patches.
Excel 2000 SP3:
http://www.microsoft.com/downloads/de...=f7f90c30-1bfd-406b-a77f-612443e30185
Excel 2002 SP3:
http://www.microsoft.com/downloads/de...=907f96d5-d1e9-4471-b41c-3ac811e63038
Excel 2003 SP2:
http://www.microsoft.com/downloads/de...=296e5f2c-f594-41c8-a20a-3e4c40ae3948
Excel 2007:
http://www.microsoft.com/downloads/de...=e7634cb5-9531-4284-9554-4168fc488e0c
Microsoft Office Excel Viewer 2003:
http://www.microsoft.com/downloads/de...=280bb2ac-b21a-46b5-8751-5a50fbebf107
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/de...=e9251d71-9098-4125-ae91-7d4c83ea58ad
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/de...=95DCEB37-B35F-46DB-B280-DB0F3B298AA9
Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/de...=8FE8C32A-6D7A-482B-97C6-42562F089EE4
Provided and/or discovered by:
1) Discovered as a 0-day. The vendor also credits Matt Richard, VeriSign.
2) Greg MacManus, iDefense Labs.
3) The vendor credits Yoshiya Sasaki, JFE Systems.
4) The vendor credits Bing Liu, Fortinet.
5) Reported by an anonymous person via iDefense Labs.
6) Cody Pierce, TippingPoint DVLabs.
7) The vendor credits Moti Joseph and Dan Hubbard, Websense Security Labs.
Changelog:
2008-03-11: Updated "Solution" section. Added additional vulnerabilities.
2008-03-12: Added additional information provided by iDefense Labs and TippingPoint.
2008-03-14: Added links in "Other References" section describing an issue regarding Microsoft Excel 2003 calculations. Updated "Extended Solution" section.
Original Advisory:
MS08-014 (KB949029):
http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
Microsoft (KB947563):
http://www.microsoft.com/technet/security/advisory/947563.mspx
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=671
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=672
TippingPoint DVLabs:
http://dvlabs.tippingpoint.com/advisory/TPTI-08-03
Other References:
MSRC Blog:
http://blogs.technet.com/msrc/archive...pdate-march-2008-monthly-release.aspx
KB950340:
http://support.microsoft.com/kb/950340
Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
68 Related Secunia Security Advisories, displaying 10
|
|
|
1. Microsoft Publisher Object Handler Validation Vulnerability
|
|
2. Microsoft Word Two Code Execution Vulnerabilities
|
|
3. Microsoft Visio Two File Processing Vulnerabilities
|
|
4. Microsoft Office Web Components Two Vulnerabilities
|
|
5. Microsoft Office Two Code Execution Vulnerabilities
|
|
6. Microsoft Outlook "mailto:" URI Handling Vulnerability
|
|
7. Microsoft Office Object Parsing Memory Corruption Vulnerability
|
|
8. Microsoft Office Publisher File Parsing Vulnerabilities
|
|
9. Microsoft Works File Converter File Parsing Vulnerabilities
|
|
10. Microsoft Windows OLE Automation Memory Corruption
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
