Microsoft Excel Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA37299
VERIFY ADVISORY: http://secunia.com/advisories/37299/
DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user’s system.
1) An unspecified error in the parsing of Excel spreadsheets can be exploited to corrupt memory via a specially crafted Excel file.
2) An unspecified error in the processing of certain record objects can be exploited to corrupt memory via a specially crafted Excel file.
3) Another unspecified error in the processing of certain record objects can be exploited to corrupt memory via a specially crafted Excel file.
4) An unspecified error in the processing of Binary File Format (BIFF) records can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file.
5) An unspecified error in the handling of formulas embedded inside a cell can be exploited to corrupt memory via a specially crafted Excel file.
6) An unspecified error when loading Excel formulas can be exploited to corrupt a pointer when a specially crafted Excel file is being opened.
7) An unspecified error when loading Excel records can be exploited to corrupt memory via a specially crafted Excel file.
8) An unspecified error when processing Excel record objects can be exploited via a specially crafted Excel file.
Successful exploitation of these vulnerabilities allows execution of arbitrary code.
SOLUTION: Apply patches.
Microsoft Office Excel 2002 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=5672c8fc-8509-4962-ad86-ebc0f2575043
Microsoft Office Excel 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=6a6a0f5d-17dc-4a34-b9a0-0774aa287ba5
Microsoft Office Excel 2007 SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?familyid=322b24ca-aff6-4ca0-acf1-440cae0f9693 http://www.microsoft.com/downloads/details.aspx?familyid=c4c92d2e-e87d-446f-8d3e-8f4be10c70aa
Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=8f115b1c-1e28-4ecf-937c-99c4b60c7c8e
Microsoft Office 2008 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=b84fe57d-ddda-451e-9ead-69e10aee7928
Open XML File Format Converter for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=4dd4bc05-1217-497e-8f65-4347f2544ed6
Microsoft Office Excel Viewer 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=19151e22-5642-456c-bd39-298574369cdb
Microsoft Office Excel Viewer SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?familyid=fb36df5e-ebef-46bf-9edd-67f2c76dbdb3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?familyid=c4c92d2e-e87d-446f-8d3e-8f4be10c70aa
PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Bing Liu of Fortinet’s FortiGuard Labs, and TippingPoint and the Zero Day Initiative
2, 8) Bing Liu of Fortinet’s FortiGuard Labs
3) Sean Larsson of VeriSign iDefense Labs
4-7) Nicolas Joly of Vupen Security
ORIGINAL ADVISORY: MS09-067 (KB972652, KB973471, KB973475, KB973593, KB976830, KB976828, KB976831, KB973484, KB973707, KB973704): http://www.microsoft.com/technet/security/Bulletin/MS09-067.mspx
