|
|
>> Microsoft Excel Document Handling Multiple Code Execution Vulnerabilities (MS06-037)
|
Multiple vulnerabilities have been identified in Microsoft Excel, which could be exploited by attackers to take complete control of an affected system.
The first flaw is due to memory corruption errors when processing a malformed "SELECTION" record, which could be exploited by attackers to execute arbitrary commands by convincing a user to open a specially crafted Excel file.
The second vulnerability is due to a memory corruption error when processing a malformed "COLINFO" record, which could be exploited by attackers to execute arbitrary commands via a specially crafted Excel file.
The third issue is due to a memory corruption error when processing a malformed "OBJECT" record, which could be exploited by attackers to execute arbitrary commands by convincing a user to open a specially crafted Excel file.
The fourth vulnerability is due to a memory corruption error when processing a malformed "FNGROUPCOUNT" value, which could be exploited by attackers to execute arbitrary commands via a specially crafted Excel file.
The fifth flaw is due to a memory corruption error when processing a malformed "LABEL" record, which could be exploited by attackers to execute arbitrary commands by convincing a user to open a specially crafted Excel file.
The sixth vulnerability is due to a memory corruption error when processing a malformed file, which could be exploited by attackers to execute arbitrary commands via a specially crafted Excel file.
The seventh issue is due to a memory corruption error when processing a malformed Excel file, which could be exploited by attackers to execute arbitrary commands via a specially crafted document. For additional information, see : VUPEN/ADV-2006-2361
Affected Products
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Office 2000 Service Pack 3
Microsoft Office 2004 for Mac
Microsoft Office v. X for Mac
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft Excel 2002
Microsoft Excel 2000
Microsoft Excel 2004 for Mac
Microsoft Excel v. X for Mac
Solution
Apply patches :
http://www.microsoft.com/technet/security/bulletin/MS06-037.mspx
References
http://www.vupen.com/english/advisories/2006/2755
http://www.microsoft.com/technet/security/bulletin/MS06-037.mspx
Credits
Vulnerabilities reported by Posidron, NSFocus Security Team, Arnaud Dovi, iDEFENSE, Sowhat, Xin Ouyang, Shaun Colley, and Costin Ionescu.
ChangeLog
2006-07-11 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
