Multiple vulnerabilities have been identified in Microsoft Office, which could be exploited by attackers to take complete control of an affected system. These issues are caused by memory corruption errors when processing documents containing malformed data (e.g. cells) , which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel or Office file.

Affected Products

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office 2004 for Mac

Solution

Apply patch for Microsoft Office 2000 Service Pack 3 :
http://www.microsoft.com/downloads/details.aspx?familyid=72735aa1-e22c-40ed-8c79-38fba89979aa

Apply patch for Microsoft Office XP Service Pack 3 :
http://www.microsoft.com/downloads/details.aspx?familyid=9cf8aafa-71a5-4017-b53c-4e80ef6e1188

Apply patch for Microsoft Office 2003 Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa

Apply patch for Microsoft Office Excel Viewer 2003 :
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa

Apply patch for Microsoft Office Excel Viewer 2003 Service Pack 3 :
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa

Apply patch for Microsoft Office 2004 for Mac :
http://www.microsoft.com/downloads/details.aspx?FamilyId=95DCEB37-B35F-46DB-B280-DB0F3B298AA9

References

http://www.vupen.com/english/advisories/2008/0848
http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx

Credits

Vulnerabilities reported by Arnaud Dovi and Zero Day Initiative.

Changelog

2008-03-11 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.