Microsoft Office Excel Multiple Vulnerabilities( 11 November 2009 )
RISK: Medium Risk
1. Excel Cache Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
2. Excel SxView Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Microsoft Office Excel handles specially crafted Excel files that include a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
3. Excel Featheader Record Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office Excel handles specially crafted Excel files that include a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
4. Excel Document Parsing Heap Overflow Vulnerability
A remote code execution vulnerability exists in the way Microsoft Office Excel handles specially crafted Excel files with malformed BIFF records. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
5. Excel Formula Parsing Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office Excel parses documents containing a specially crafted formula embedded inside a cell. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights in the context of the currently logged on user.
6. Excel Index Parsing Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed formula. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
7. Excel Document Parsing Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
8. Excel Field Sanitization Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office XP
- Microsoft Office Excel 2002 - Microsoft Office 2003
- Microsoft Office Excel 2003 - 2007 Microsoft Office System
- Microsoft Office Excel 2007 - Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer 2003
- Microsoft Office Excel Viewer
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office XP Service Pack 3
- Microsoft Office Excel 2002 Service Pack 3 - Microsoft Office 2003 Service Pack 3
- Microsoft Office Excel 2003 Service Pack 3 - 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2
- Microsoft Office Excel 2007 Service Pack 1 and Microsoft Office Excel 2007 Service Pack 2 - Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer 2003 Service Pack 3
- Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office Excel Viewer Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Vulnerability Identifier
- CVE-2009-3127
- CVE-2009-3128
- CVE-2009-3129
- CVE-2009-3130
- CVE-2009-3131
- CVE-2009-3132
- CVE-2009-3133
- CVE-2009-3134
Source
Related Link
Share with