THIRD attempt at posting these!!
TITLE:
Microsoft Excel Multiple Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA25995
VERIFY ADVISORY:
http://secunia.c
om/advisories/25995/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Office Excel 2007
http://secunia.com/
product/14161/
Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint
2007 File Formats
http://secunia.com/
product/14165/
Microsoft Excel Viewer 2003
http://secunia.com/p
roduct/7700/
Microsoft Excel 2003
http://secunia.com/p
roduct/4970/
Microsoft Excel 2002
http://secunia.com/p
roduct/4043/
Microsoft Excel 2000
http://secunia.com/p
roduct/3054/
Microsoft Office 2000
http://secunia.com/pro
duct/24/
Microsoft Office XP
http://secunia.com/pro
duct/23/
Microsoft Office 2003 Professional Edition
http://secunia.com/p
roduct/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/p
roduct/2277/
Microsoft Office 2003 Standard Edition
http://secunia.com/p
roduct/2275/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/p
roduct/2278/
Microsoft Office 2007
http://secunia.com/
product/13228/
DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Excel,
which can
be exploited by malicious people to compromise a user's
system.
1) An unspecified calculation error when handling
version-related
information can be exploited to corrupt memory via a
specially
crafted Excel file.
2) An error in the validation of the number of active
worksheets can
be exploited to corrupt memory via a specially crafted
Excel
file.
3) An error when validating the beginning of file
attributes
associated with workspace information can be exploited via
a
specially crafted Excel file.
Successful exploitation of the vulnerabilities may allow
execution of
arbitrary code.
NOTE: Additional unspecified security issues discovered
internally by
Microsoft have also been reported.
SOLUTION:
Apply patches.
Microsoft Excel 2000 SP3:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=83D94D8E-DDA6-4D74-B40
D-476C2F0A3AF4
Microsoft Excel 2002 SP3:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=5E09D13B-D4B0-48FD-988
0-73C180570267
Microsoft Excel 2003 SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=9D93C0CE-5124-4234-BA8
4-3C27005E010F
Microsoft Excel 2003 Viewer:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=11F42977-8828-494A-A18
3-D1ABA827B708
Microsoft Office Excel 2007:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=9AB28283-0320-4527-B03
3-5E80EF32CD34
Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint
2007 File Formats:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=E592AE5B-09AC-4F5B-B45
7-A54C9850AD4A
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
MS07-036 (KB936542):
http://www.microsoft.com/technet/security/Bullet
in/MS07-036.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
