Microsoft Office Excel Multiple Vulnerabilities( 09 June 2010 )
RISK: Medium Risk
1. Excel Record Parsing Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
2. Excel Object Stack Overflow Vulnerability
3. Excel Memory Corruption Vulnerability
4. Excel Record Memory Corruption Vulnerability
5. Excel Record Memory Corruption Vulnerability
6. Excel RTD Memory Corruption Vulnerability
7. Excel Memory Corruption Vulnerability
8. Excel HFPicture Memory Corruption Vulnerability
9. Excel Memory Corruption Vulnerability
10. Excel EDG Memory Corruption Vulnerability
11. Excel Record Stack Corruption Vulnerability
12. Excel String Variable Vulnerability
13. Excel ADO Object Vulnerability
14. Mac Office Open XML Permissions Vulnerability
An elevation of privilege vulnerability exists in the way that the Open XML File Format Converter for Mac installs itself. During installation, the Open XML File Format Converter for Mac changes the file system ACLs on the /Applications folder in a way that reduces the security settings on the /Applications folder and allows all access to the files in this folder. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could replace the Open XML File Format Converter for Mac with a malicious executable. When an administrator later logs on and runs the Open XML File Format Converter for Mac, the attacker-provided code can be made to execute, allowing the attacker to take complete control over an affected system.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office XP
- Microsoft Office 2003
- 2007 Microsoft Office System
- Microsoft Office Excel 2002
- Microsoft Office Excel 2003
- Microsoft Office Excel 2007
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office XP Service Pack 3
- Microsoft Office Excel 2002 Service Pack 3 - Microsoft Office 2003 Service Pack 3
- Microsoft Office Excel 2003 Service Pack 3 - 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2
- Microsoft Office Excel 2007 Service Pack 1 and Microsoft Office Excel 2007 Service Pack 2 - Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office Excel Viewer Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Vulnerability Identifier
- CVE-2010-0821
- CVE-2010-0822
- CVE-2010-0823
- CVE-2010-0824
- CVE-2010-1245
- CVE-2010-1246
- CVE-2010-1247
- CVE-2010-1248
- CVE-2010-1249
- CVE-2010-1250
- CVE-2010-1251
- CVE-2010-1252
- CVE-2010-1253
- CVE-2010-1254
Source
Related Link
Share with