Microsoft Excel Multiple Vulnerabilities( 13 August 2008 )

1. Excel Indexing Validation Vulnerability

A remote code execution vulnerability exists in the way Excel processes index values when loading Excel files into memory. An attacker could exploit the vulnerability by opening a specially crafted file which could be hosted on a Web site, or included as an e-mail attachment.

2. Excel Index Array Vulnerability

A remote code execution vulnerability exists in the way Excel processes an array index when loading Excel files into memory. An attacker could exploit the vulnerability by opening a specially crafted file which could be hosted on a Web site, or included as an e-mail attachment.

3. Excel Record Parsing Vulnerability

A vulnerability exists in the way Excel parses record values when loading Excel files into memory. Depending on the attack scenario, the vulnerability could lead to remote code execution on a user's local Excel client, or it could lead to elevation of privilege within a SharePoint Server.

In an attack against a user's local Excel client, an attacker could exploit the vulnerability by convincing a user to open a specially crafted file which could be hosted on a Web site, or included as an e-mail attachment.

In an attack against a SharePoint site, an attacker would first need an account on the SharePoint site with sufficient rights to upload a specially crafted Excel file and then create a web part using the file on the SharePoint site.

4. Excel Credential Caching Vulnerability

An elevation of privilege vulnerability exists in Excel 2007 when data connections are made to a remote data sources. An attacker could exploit the vulnerability to gain access to a secured remote data source by opening an .xlsx file that had been explicitly configured not to store credentials to the remote data source.