Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA25995] Microsoft Excel Multiple Code Execution Vulnerabilities



> ----------------------------------------------------------------------
>
> TITLE:
> Microsoft Excel Multiple Code Execution Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA25995
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/25995/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Office Excel 2007
> http://secunia.com/product/14161/
> Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
> 2007 File Formats
> http://secunia.com/product/14165/
> Microsoft Excel Viewer 2003
> http://secunia.com/product/7700/
> Microsoft Excel 2003
> http://secunia.com/product/4970/
> Microsoft Excel 2002
> http://secunia.com/product/4043/
> Microsoft Excel 2000
> http://secunia.com/product/3054/
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft Office XP
> http://secunia.com/product/23/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2007
> http://secunia.com/product/13228/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Microsoft Excel, which can
> be exploited by malicious people to compromise a user's system.
>
> 1) An unspecified calculation error when handling version-related
> information can be exploited to corrupt memory via a specially
> crafted Excel file.
>
> 2) An error in the validation of the number of active worksheets can
> be exploited to corrupt memory via a specially crafted Excel file.
>
> 3) An error when validating the beginning of file attributes
> associated with workspace information can be exploited via a
> specially crafted Excel file.
>
> Successful exploitation of the vulnerabilities may allow execution of
> arbitrary code.
>
> NOTE: Additional unspecified security issues discovered internally by
> Microsoft have also been reported.
>
> SOLUTION:
> Apply patches.
>
> Microsoft Excel 2000 SP3:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=83D94
> D8E-DDA6-4D74-B40D-476C2F0A3AF4
>
> Microsoft Excel 2002 SP3:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5E09D
> 13B-D4B0-48FD-9880-73C180570267
>
> Microsoft Excel 2003 SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=9D93C
> 0CE-5124-4234-BA84-3C27005E010F
>
> Microsoft Excel 2003 Viewer:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=11F42
> 977-8828-494A-A183-D1ABA827B708
>
> Microsoft Office Excel 2007:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=9AB28
> 283-0320-4527-B033-5E80EF32CD34
>
> Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
> 2007 File Formats:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E592A
> E5B-09AC-4F5B-B457-A54C9850AD4A
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> MS07-036 (KB936542):
> http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx
>



 




Copyright © Lexa Software, 1996-2009.