Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA28506] Microsoft Excel File Handling Code Execution

To: "security-alerts@xxxxxxxxxxxxxx" <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA28506] Microsoft Excel File Handling Code Execution
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Thu, 17 Jan 2008 10:41:32 +0300
Accept-language: ru-RU, en-US
Acceptlanguage: ru-RU, en-US
Content-language: ru-RU
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AchYptNSGVv9cfrZR32PfARIa8OjtQANYawA
Thread-topic: [SA28506] Microsoft Excel File Handling Code Execution

> ----------------------------------------------------------------------
>
> TITLE:
> Microsoft Excel File Handling Code Execution
>
> SECUNIA ADVISORY ID:
> SA28506
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28506/
>
> CRITICAL:
> Extremely critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Excel 2003
> http://secunia.com/product/4970/
> Microsoft Excel Viewer 2003
> http://secunia.com/product/7700/
> Microsoft Excel 2002
> http://secunia.com/product/4043/
> Microsoft Excel 2000
> http://secunia.com/product/3054/
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2004 for Mac
> http://secunia.com/product/8713/
>
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Excel, which can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to an unspecified error in the
> handling of Excel files and can be exploited via a specially crafted
> Excel file with malformed header information.
>
> Successful exploitation allows execution of arbitrary code but
> requires that the user is tricked into opening a malicious Excel
> file.
>
> NOTE: According to Microsoft, this is currently being actively
> exploited.
>
> The vulnerability is reported in the following versions:
> * Microsoft Office Excel 2003 Service Pack 2
> * Microsoft Office Excel Viewer 2003
> * Microsoft Office Excel 2002
> * Microsoft Office Excel 2000
> * Microsoft Excel 2004 for Mac.
>
> SOLUTION:
> Do not open untrusted Excel files.
>
> For Microsoft Excel 2003, the vendor recommends using the Microsoft
> Office Isolated Conversion Environment (MOICE) or Microsoft Office
> File Block policy. Please see the vendor's advisory for details.
>
> PROVIDED AND/OR DISCOVERED BY:
> Discovered as a 0-day.
>
> ORIGINAL ADVISORY:
> Microsoft (KB947563):
> http://www.microsoft.com/technet/security/advisory/947563.mspx
>
>

Prev by Date: [security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 3
Next by Date: [security-alerts] Fwd: TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability
Previous by thread: [security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 3
Next by thread: [security-alerts] Fwd: TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability
Index(es):
- Date
- Thread