Security-Alerts mailing list archive (firstname.lastname@example.org)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28506] Microsoft Excel File Handling Code Execution
> Microsoft Excel File Handling Code Execution
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Extremely critical
> System access
> From remote
> Microsoft Excel 2003
> Microsoft Excel Viewer 2003
> Microsoft Excel 2002
> Microsoft Excel 2000
> Microsoft Office 2000
> Microsoft Office 2003 Professional Edition
> Microsoft Office 2003 Small Business Edition
> Microsoft Office 2003 Standard Edition
> Microsoft Office 2003 Student and Teacher Edition
> Microsoft Office 2004 for Mac
> A vulnerability has been reported in Microsoft Excel, which can be
> exploited by malicious people to compromise a user's system.
> The vulnerability is caused due to an unspecified error in the
> handling of Excel files and can be exploited via a specially crafted
> Excel file with malformed header information.
> Successful exploitation allows execution of arbitrary code but
> requires that the user is tricked into opening a malicious Excel
> NOTE: According to Microsoft, this is currently being actively
> The vulnerability is reported in the following versions:
> * Microsoft Office Excel 2003 Service Pack 2
> * Microsoft Office Excel Viewer 2003
> * Microsoft Office Excel 2002
> * Microsoft Office Excel 2000
> * Microsoft Excel 2004 for Mac.
> Do not open untrusted Excel files.
> For Microsoft Excel 2003, the vendor recommends using the Microsoft
> Office Isolated Conversion Environment (MOICE) or Microsoft Office
> File Block policy. Please see the vendor's advisory for details.
> PROVIDED AND/OR DISCOVERED BY:
> Discovered as a 0-day.
> ORIGINAL ADVISORY:
> Microsoft (KB947563):