‫ Microsoft Office Excel Multiple Vulnerabilities

IRCAD2012051908
ID: IRCAD2012051908
Release Date: 2012-05-08
Criticality level: Highly critical
 
Software:
Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office 2010
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2007
Microsoft Office for Mac 2011
 
Description:
Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
1) An error when validating certain data within Excel files can be exploited to corrupt memory.
2) An error when handling the OBJECTLINK record within Excel files can be exploited to corrupt memory.
3) An error when validating certain data within Excel files can be exploited to corrupt memory.
4) An error when handling the SXLI record within Excel files can be exploited to corrupt memory.
5) An error when handling the MergeCells record within Excel files can be exploited to cause a heap-based buffer overflow.
6) A type mismatch error when handling the Series record within Excel files can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into opening a malicious file.
 
Solution
Apply patches.
 
Microsoft Office for Mac
Other Microsoft Office Software
 
References:
MS12-030 (KB2553371, KB2596842, KB2597086, KB2597161, KB2597162, KB2597166, KB2597969, KB2665346, KB2665351):
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 20 اردیبهشت 1391

امتیاز

امتیاز شما
تعداد امتیازها:0