TITLE:
Microsoft Office Multiple Code Execution Vulnerabilities

SECUNIA ADVISORY ID:
SA19138

VERIFY ADVISORY:
http://secunia.com/advisories/19138/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Excel 2000
http://secunia.com/product/3054/
Microsoft Excel 2002
http://secunia.com/product/4043/
Microsoft Excel 2003
http://secunia.com/product/4970/
Microsoft Excel Viewer 2003
http://secunia.com/product/7700/
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office 2004 for Mac
http://secunia.com/product/8713/
Microsoft Office X for Mac
http://secunia.com/product/2610/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft Outlook 2000
http://secunia.com/product/33/
Microsoft Outlook 2002
http://secunia.com/product/34/
Microsoft PowerPoint 2000
http://secunia.com/product/3052/
Microsoft PowerPoint 2002
http://secunia.com/product/2223/
Microsoft Word 2000
http://secunia.com/product/2149/
Microsoft Word 2002
http://secunia.com/product/2150/
Microsoft Works Suite 2001
http://secunia.com/product/2145/
Microsoft Works Suite 2002
http://secunia.com/product/2144/
Microsoft Works Suite 2003
http://secunia.com/product/2143/
Microsoft Works Suite 2004
http://secunia.com/product/3897/
Microsoft Works Suite 2005
http://secunia.com/product/8711/
Microsoft Works Suite 2006
http://secunia.com/product/8712/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.

1) An error in Excel when processing files with a malformed range can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file.

2) An error in Office when processing documents containing a specially crafted "routing slip" can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a malicious document.

3) An error in Excel when processing a malformed parsing format file can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file.

4) An error in Excel when processing a malformed description can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file.

5) An error in Excel when processing malformed graphics can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file.

6) An error in Excel when processing malformed records can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file.

SOLUTION:
Apply patches.

Microsoft Word 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4

Microsoft Excel 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C9433440-31EF-4C18-A0C7-B595EA23F6FC

Microsoft Outlook 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2B231231-AC83-4688-9C8D-DCDCB544FB3C

Microsoft PowerPoint 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=F24D4BD0-4771-4688-B52A-02D4EABB1574

Microsoft Office 2000 MultiLanguage Packs (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=0AAA1700-766F-4979-B51F-AAA0A24EF2E8

Microsoft Word 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Excel 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=643337C7-8A47-4FA3-AB58-7A916B33607D&displaylang=en

Microsoft Outlook 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0D4441-4F88-4B59-A4F3-6FB558EF8135

Microsoft PowerPoint 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C74CB45B-CF92-4EFC-8DBE-DBF4BDEBE215

Microsoft Office XP Multilingual User Interface Packs (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=589D9ABB-6308-4208-881C-CE58D6972E1F&displaylang=en

Microsoft Excel 2003 (requires Office 2003 SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC22F83A-B409-4469-984E-6C19D8F5FE41&displaylang=en

Microsoft Excel 2003 Viewer (requires Office 2003 SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=7DBADBD1-0542-475B-91B5-90DD2AF2C0FC&displaylang=en

Microsoft Works Suite 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en

Microsoft Works Suite 2001:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en

Microsoft Works Suite 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2005:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Works Suite 2006:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en

Microsoft Office X for Mac:
http://www.microsoft.com/mac/

Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac/

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Peter Winter-Smith of NGSSoftware and FelicioX.
2) The vendor credits Ollie Whitehouse, Symantec.
3) The vendor credits TippingPoint and the Zero Day Initiative.
4) The vendor credits Dejun, Fortinet Security Response Team.
5) Reported by vendor.
6) The vendor credits Eyas, XFOCUS Security Team.

ORIGINAL ADVISORY:
MS06-012 (KB905413):
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------