Microsoft Office Excel Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1023698
SecurityTracker URL: http://securitytracker.com/id/1023698
CVE Reference: CVE-2010-0257, CVE-2010-0258, CVE-2010-0260, CVE-2010-0261, CVE-2010-0262, CVE-2010-0263, CVE-2010-0264
Date: Mar 9 2010
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2002 SP3, 2003 SP3, 2007 SP2, 2004 for Mac, 2008 for Mac; and prior service packs
Description:
Several vulnerabilities were reported in Microsoft Office Excel. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted Excel file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
Open XML File Format Converter for Mac is also affected.
Microsoft Office SharePoint Server 2007 is also affected.
A specially crafted record can trigger a memory corruption error [CVE-2010-0257].
A specially crafted file can trigger an object type error [CVE-2010-0258].
A specially crafted MDXTUPLE record can trigger a heap overflow [CVE-2010-0260].
A specially crafted MDXSET record can trigger a heap overflow [CVE-2010-0261].
A specially crafted FNGROUPNAME record can trigger a memory initialization error [CVE-2010-0262].
A specially crafted XLSX file can trigger a parsing error [CVE-2010-0263].
A specially crafted DbOrParamQry record can trigger a parsing error [CVE-2010-0264].
Nicolas Joly of VUPEN Vulnerability Research Team, Sean Larsson of VeriSign iDefense Labs, an anonymous researcher via TippingPoint, and Damian Frizza from Core Security Technologies reported these vulnerabilities.
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued the following fixes:
Microsoft Office XP Service Pack 3, Microsoft Office Excel 2002 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=E0136F62-60CE-4EBD-8660-BE81EBA29AE8
Microsoft Office 2003 Service Pack 3, Microsoft Office Excel 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=7E42793E-747B-48DA-968A-1EC29EA37151
2007 Microsoft Office System Service Pack 1, Microsoft Office Excel 2007 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB-4A59-97E4-7CE047F100A5
2007 Microsoft Office System Service Pack 2, Microsoft Office Excel 2007 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB-4A59-97E4-7CE047F100A5
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?familyid=ae5936f8-fe3f-4d23-a37c-d80f228e475e
Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?familyid=e0ed1569-ab2f-407c-b728-4eddc463c385
Open XML File Format Converter for Mac:
http://www.microsoft.com/downloads/details.aspx?familyid=4c5487d5-c912-4087-8c83-769e3fb78ea9
Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office Excel Viewer Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=010D0A4D-02A4-4142-963B-A38CD06CC897
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=314F076E-8F9D-46C2-B666-86599A02BF15
Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=94DDF6EF-3392-4D77-A02B-3BC0470721CD
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=94DDF6EF-3392-4D77-A02B-3BC0470721CD
Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=06F6BFFB-3FAD-4FB5-878B-39550812E9B5
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=06F6BFFB-3FAD-4FB5-878B-39550812E9B5
A restart may be required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-017.mspx
Cause:
Access control error, Boundary error
Underlying OS:
UNIX (OS X), Windows (Any)
Message History:
None.
Source Message Contents
Date: Tue, 09 Mar 2010 18:33:59 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx
Microsoft Security Bulletin MS10-017 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
CVE-2010-0257
CVE-2010-0258
CVE-2010-0260
CVE-2010-0261
CVE-2010-0262
CVE-2010-0263
CVE-2010-0264