ðòïåëôù 

  áòèé÷ 

Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 

  ðåòóïîáìøîïå 

  ðòïçòáííù 

ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA19138] Microsoft Office Multiple Code Execution Vulnerabilities

> 
> 
> TITLE:
> Microsoft Office Multiple Code Execution Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA19138
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19138/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Excel 2000
> http://secunia.com/product/3054/
> Microsoft Excel 2002
> http://secunia.com/product/4043/
> Microsoft Excel 2003
> http://secunia.com/product/4970/
> Microsoft Excel Viewer 2003
> http://secunia.com/product/7700/
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2004 for Mac
> http://secunia.com/product/8713/
> Microsoft Office X for Mac
> http://secunia.com/product/2610/
> Microsoft Office XP
> http://secunia.com/product/23/
> Microsoft Outlook 2000
> http://secunia.com/product/33/
> Microsoft Outlook 2002
> http://secunia.com/product/34/
> Microsoft PowerPoint 2000
> http://secunia.com/product/3052/
> Microsoft PowerPoint 2002
> http://secunia.com/product/2223/
> Microsoft Word 2000
> http://secunia.com/product/2149/
> Microsoft Word 2002
> http://secunia.com/product/2150/
> Microsoft Works Suite 2001
> http://secunia.com/product/2145/
> Microsoft Works Suite 2002
> http://secunia.com/product/2144/
> Microsoft Works Suite 2003
> http://secunia.com/product/2143/
> Microsoft Works Suite 2004
> http://secunia.com/product/3897/
> Microsoft Works Suite 2005
> http://secunia.com/product/8711/
> Microsoft Works Suite 2006
> http://secunia.com/product/8712/
> 
> DESCRIPTION:
> Multiple vulnerabilities have been reported in Microsoft Office,
> which can be exploited by malicious people to compromise a user's
> system.
> 
> 1) An error in Excel when processing files with a malformed range can
> be exploited to corrupt memory and allows execution of arbitrary code
> on a user's system when viewing a specially crafted Excel file.
> 
> 2) An error in Office when processing documents containing a
> specially crafted "routing slip" can be exploited to corrupt memory
> and allows execution of arbitrary code on a user's system when
> viewing a malicious document.
> 
> 3) An error in Excel when processing a malformed parsing format file
> can be exploited to corrupt memory and allows execution of arbitrary
> code on a user's system when viewing a specially crafted Excel file.
> 
> 4) An error in Excel when processing a malformed description can be
> exploited to corrupt memory and allows execution of arbitrary code on
> a user's system when viewing a specially crafted Excel file.
> 
> 5) An error in Excel when processing malformed graphics can be
> exploited to corrupt memory and allows execution of arbitrary code on
> a user's system when viewing a specially crafted Excel file.
> 
> 6) An error in Excel when processing malformed records can be
> exploited to corrupt memory and allows execution of arbitrary code on
> a user's system when viewing a specially crafted Excel file.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Word 2000 (requires Office 2000 SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CD217
9FD-37F5-4D09-B653-0174651CF5E4
> 
> Microsoft Excel 2000 (requires Office 2000 SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C9433
440-31EF-4C18-A0C7-B595EA23F6FC
> 
> Microsoft Outlook 2000 (requires Office 2000 SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2B231
231-AC83-4688-9C8D-DCDCB544FB3C
> 
> Microsoft PowerPoint 2000 (requires Office 2000 SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=F24D4
BD0-4771-4688-B52A-02D4EABB1574
> 
> Microsoft Office 2000 MultiLanguage Packs (requires Office 2000
> SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0AAA1
700-766F-4979-B51F-AAA0A24EF2E8
> 
> Microsoft Word 2002 (requires Office XP SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A
5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
> 
> Microsoft Excel 2002 (requires Office XP SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=64333
7C7-8A47-4FA3-AB58-7A916B33607D&displaylang=en
> 
> Microsoft Outlook 2002 (requires Office XP SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0D4
441-4F88-4B59-A4F3-6FB558EF8135
> 
> Microsoft PowerPoint 2002 (requires Office XP SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C74CB
45B-CF92-4EFC-8DBE-DBF4BDEBE215
> 
> Microsoft Office XP Multilingual User Interface Packs (requires
> Office XP SP3):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=589D9
ABB-6308-4208-881C-CE58D6972E1F&displaylang=en
> 
> Microsoft Excel 2003 (requires Office 2003 SP1/SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=AC22F
83A-B409-4469-984E-6C19D8F5FE41&displaylang=en
> 
> Microsoft Excel 2003 Viewer (requires Office 2003 SP1/SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7DBAD
BD1-0542-475B-91B5-90DD2AF2C0FC&displaylang=en
> 
> Microsoft Works Suite 2000:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CD217
9FD-37F5-4D09-B653-0174651CF5E4&displaylang=en
> 
> Microsoft Works Suite 2001:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CD217
9FD-37F5-4D09-B653-0174651CF5E4&displaylang=en
> 
> Microsoft Works Suite 2002:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A
5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
> 
> Microsoft Works Suite 2003:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A
5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
> 
> Microsoft Works Suite 2004:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A
5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
> 
> Microsoft Works Suite 2005:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A
5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
> 
> Microsoft Works Suite 2006:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A
5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
> 
> Microsoft Office X for Mac:
> http://www.microsoft.com/mac/
> 
> Microsoft Office 2004 for Mac:
> http://www.microsoft.com/mac/
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Peter Winter-Smith of NGSSoftware and
> FelicioX.
> 2) The vendor credits Ollie Whitehouse, Symantec.
> 3) The vendor credits TippingPoint and the Zero Day Initiative.
> 4) The vendor credits Dejun, Fortinet Security Response Team.
> 5) Reported by vendor.
> 6) The vendor credits Eyas, XFOCUS Security Team.
> 
> ORIGINAL ADVISORY:
> MS06-012 (KB905413):
> http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
>

 



Copyright © Lexa Software, 1996-2009.