GFI LANguard - Vulnerability scanning and patch management. Download a free trial!

Main Menu

Free Services

Critical Alerts

- 28 May 2008

Adobe Flash Player Unspecified Remote Code Execution Vulnerability

 

- 11 Mar 2008

Microsoft Excel Multiple Remote Code Execution Vulnerabilities

 

- 16 Jan 2008

Microsoft Excel File Handling Remote Arbitrary Code Execution Vulnerability

 

- 13 Dec 2007

JustSystems Ichitaro "JSGCI.DLL" Document Processing Remote Buffer Overflow Vulnerability

 

- 11 Dec 2007

Microsoft Internet Explorer Multiple Remote Memory Corruption Vulnerabilities

 

Advisories » Microsoft Excel File Handling Remote Arbitrary Code Execution Vulnerability

 

Release Date: 16/01/2008 Severity: Extremely Critical Extremely Critical
SecWatch Advisory: SWID1020078 Cause: Not specified
Solution Status: Unpatched Impact: Execution of arbitrary code
Exploit Status: None Available Access Vector: From remote
 
Affected Software: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 20
Microsoft Office Excel 2007
 
Original Advisory: http://www.microsoft.com/technet/security/advisory/947563.mspx
References: FrSIRT/ADV-2008-0146
CVE: CVE-2008-0081 CVE-2008-0111 CVE-2008-0112 CVE-2008-0114 CVE-2008-0115 CVE-2008-0116 CVE-2008-0117
Microsoft: MS08-014
Secunia: SA28506
Bugtraq ID: BID#27305

 

Description:

A vulnerability in Microsoft Excel has been reported, which can be exploited by remote users to compromise a user's system.

An unspecified error exists when handling Excel files with malformed header information, which and can be exploited to execute arbitrary code by e.g. tricking a user to opening a malicious Excel file.

 

Affected:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac

 

Solution:

The vulnerability has been fixed, apply patches:
http://www.microsoft.com/techn...ecurity/Bulletin/MS08-014.mspx

 

Credits:

Unknown

 

Free Vulnerability Notification Service

Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.

 

Related Vulnerabilities and Exploits

21 Mar 08: Microsoft Office Excel Code Execution Exploit (M.. (zha0_ms08_014.rar)

11 Mar 08: Microsoft Excel Multiple Remote Code Execution Vulnerabilities

09 Oct 07: Microsoft Word Unspecified Remote Memory Corruption Vulnerability..

15 Feb 07: Microsoft Word Unspecified Document Handling Remote Memory Corrup..

05 Feb 07: Microsoft Office Unspecified Remote Command Execution Vulnerabili..

[more ...]