PCWorks: Vulnerabilities in Microsoft Excel & Office-Three Code Execution

Thread: PCWorks: Vulnerabilities in Microsoft Excel & Office-Three Code Execution

Search this list only Search all lists
PCWorks: Vulnerabilities in Microsoft Excel & Office-Three Code Execution
United States	2007-05-09 01:04:18
TITLE: Microsoft Excel Three Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA25150 VERIFY ADVISORY: http://secunia.c om/advisories/25150/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Office XP http://secunia.com/pro duct/23/ Microsoft Office Excel 2007 http://secunia.com/ product/14161/ Microsoft Office 2007 http://secunia.com/ product/13228/ Microsoft Office 2004 for Mac http://secunia.com/p roduct/8713/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/p roduct/2278/ Microsoft Office 2003 Standard Edition http://secunia.com/p roduct/2275/ Microsoft Office 2003 Small Business Edition http://secunia.com/p roduct/2277/ Microsoft Office 2003 Professional Edition http://secunia.com/p roduct/2276/ Microsoft Office 2000 http://secunia.com/pro duct/24/ Microsoft Excel Viewer 2003 http://secunia.com/p roduct/7700/ Microsoft Excel 2003 http://secunia.com/p roduct/4970/ Microsoft Excel 2002 http://secunia.com/p roduct/4043/ Microsoft Excel 2000 http://secunia.com/p roduct/3054/ Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats http://secunia.com/ product/14165/ DESCRIPTION: Three vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. 1) An error when handling malformed BIFF records can be exploited to corrupt memory via a specially crafted file. 2) An error when handling set font values within Excel files can be exploited to corrupt memory via a malicious file containing a specially crafted set font value. 3) An error when handling filter records can be exploited to corrupt memory via a specially crafted file. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Microsoft Excel 2000 (Office SP3): http://www.microsof t.com/downloads/details.aspx?FamilyId=5F101D03-C0A7-41E0-95A 4-A12AFB356D5F Microsoft Excel 2002 (Office SP3): http://www.microsof t.com/downloads/details.aspx?FamilyId=29596861-D9F0-4A10-9E1 C-CDA75DDE017D Microsoft Excel 2003 (Office SP2): http://www.microsof t.com/downloads/details.aspx?FamilyId=9567C583-556F-4379-80B A-3E0C8993C04C Microsoft Excel 2003 Viewer: http://www.microsof t.com/downloads/details.aspx?FamilyId=3C7F18AC-24BB-41CF-B8D A-997706FDC44C Microsoft Office Excel 2007: http://www.microsof t.com/downloads/details.aspx?FamilyId=CED9F11B-CE48-47A3-928 8-BD11B80F3D85 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsof t.com/downloads/details.aspx?FamilyId=50A7924F-DB51-438A-B27 D-37E40A471E60 Microsoft Office 2004 for Mac: http://www.microsoft.com /mac ORIGINAL ADVISORY: MS07-023 (934233): http://www.microsoft.com/technet/security/Bullet in/MS07-023.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )