‫ Microsoft Office Excel Multiple Vulnerabilities

IRCAD2012112296
ID: IRCAD2012112296
Release Date: 2012-11-13
Criticality level: Highly critical
 
Software:
Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office 2008 for Mac
Microsoft Office 2010
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2007
Microsoft Office for Mac 2011
 
Description:
Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
1) An error when processing the "SerAuxErrBar" record can be exploited to cause a heap-based buffer overflow via a specially crafted file.
2) An input validation error can be exploited to corrupt memory via a specially crafted file.
3) A use-after-free error when processing the "SST" record can be exploited via a specially crafted file.
4) An error when processing certain data structures can be exploited to cause a stack-based buffer overflow via a specially crafted file.
Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into opening a malicious file.
 
Solution
Apply updates.
 
 
References:
MS12-076 (KB2597126, KB2687307, KB2687311, KB2687313, KB2687481, KB2764047, KB2764048):
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 24 آبان 1391

امتیاز

امتیاز شما
تعداد امتیازها:0