|
MS08-014: Microsoft Excel Multiple Code Execution Vulnerabilities |
|
|
|
|
Written by Marcelo Almeida (Vympel)
|
|
Wednesday, 19 March 2008 |
|
Description: Multiple vulnerabilities have been reported in
Microsoft Excel, which can be exploited by malicious people to
compromise a user's system.
1) An error in the handling of macros can be exploited via a specially crafted Excel file to execute arbitrary code.
NOTE: According to Microsoft, this vulnerability is currently being actively exploited.
2) An error when processing data validation (DVAL) records can be
exploited to corrupt memory via a specially crafted Excel file.
3) An error when importing files into Excel can be exploited via a specially crafted .slk file.
4) An error in the handling of style records can be exploited to corrupt memory via a specially crafted Excel file...
5) An error in the parsing of formulas can be exploited to corrupt memory via a specially crafted Excel file.
6) An error in the handling of rich text values can be exploited via a specially crafted Excel file.
7) An error in the handling of conditional formatting values can be exploited via a specially crafted Excel file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution:
Apply patches.
Excel 2000 SP3:
http://www.microsoft.com/downloads/de...=f7f90c30-1bfd-406b-a77f-612443e30185
Excel 2002 SP3:
http://www.microsoft.com/downloads/de...=907f96d5-d1e9-4471-b41c-3ac811e63038
Excel 2003 SP2:
http://www.microsoft.com/downloads/de...=296e5f2c-f594-41c8-a20a-3e4c40ae3948
Excel 2007:
http://www.microsoft.com/downloads/de...=e7634cb5-9531-4284-9554-4168fc488e0c
Microsoft Office Excel Viewer 2003:
http://www.microsoft.com/downloads/de...=280bb2ac-b21a-46b5-8751-5a50fbebf107
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/de...=e9251d71-9098-4125-ae91-7d4c83ea58ad
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/de...=95DCEB37-B35F-46DB-B280-DB0F3B298AA9
Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/de...=8FE8C32A-6D7A-482B-97C6-42562F089EE4
Provided and/or discovered by:
1) Discovered as a 0-day. The vendor also credits Matt Richard, VeriSign.
2) Greg MacManus, iDefense Labs.
3) The vendor credits Yoshiya Sasaki, JFE Systems.
4) The vendor credits Bing Liu, Fortinet.
5) Reported by an anonymous person via iDefense Labs.
6) Cody Pierce, TippingPoint DVLabs.
7) The vendor credits Moti Joseph and Dan Hubbard, Websense Security Labs.
Changelog:
2008-03-11: Updated "Solution" section. Added additional vulnerabilities.
2008-03-12: Added additional information provided by iDefense Labs and TippingPoint.
2008-03-14: Added links in "Other References" section describing an
issue regarding Microsoft Excel 2003 calculations. Updated "Extended
Solution" section.
Original Advisory:
MS08-014 (KB949029):
http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
Microsoft (KB947563):
http://www.microsoft.com/technet/security/advisory/947563.mspx
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=671
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=672
TippingPoint DVLabs:
http://dvlabs.tippingpoint.com/advisory/TPTI-08-03
Other References:
MSRC Blog:
http://blogs.technet.com/msrc/archive...pdate-march-2008-monthly-release.aspx
KB950340:
http://support.microsoft.com/kb/950340
Original article
Powered by a Zone-H(ified) version of AkoComment 3.0!
DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice. |
