TITLE:
Microsoft Excel Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA35364

VERIFY ADVISORY:
http://secunia.com/advisories/35364/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

1) An array-indexing error when processing certain records can be exploited to corrupt memory via a specially crafted Excel file.

2) An error when parsing certain records may result in a corrupted pointer being used when opening a specially crafted Excel file.

3) An error when parsing certain records may result in a corrupted object being used when opening a specially crafted Excel file.

4) An error when parsing certain records can be exploited to corrupt memory when opening a specially crafted Excel file.

5) A boundary error when parsing certain records can be exploited to cause a stack-based buffer overflow when opening a specially crafted Excel file.

6) An error when parsing certain records may result in a corrupted pointer being used when opening a specially crafted Excel file.

7) An integer overflow error when processing the number of strings in a file can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Office Excel 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb

Microsoft Office Excel 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415

Microsoft Office Excel 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb

Microsoft Office Excel 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99

Microsoft Office Excel 2007 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99

Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550

Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58

Open XML File Format Converter for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6

Microsoft Office Excel Viewer 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e

Microsoft Office Excel Viewer:
http://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2

Microsoft Office SharePoint Server 2007 SP1 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d

Microsoft Office SharePoint Server 2007 SP2 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d

Microsoft Office SharePoint Server 2007 SP1 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd

Microsoft Office SharePoint Server 2007 SP2 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd

PROVIDED AND/OR DISCOVERED BY:
1) Carsten Eiram, Secunia Research.
2-4) The vendor credits Bing Liu, Fortinet.
5) The vendor credits TELUS Security Labs Vulnerability Research Team.
6) The vendor credits TippingPoint and the Zero Day Initiative.
7) Independently reported by:
* Carsten Eiram, Secunia Research.
* Sean Larsson and Joshua Drake, VeriSign iDefense Labs.

ORIGINAL ADVISORY:
MS09-021 (KB969462, KB969661, KB969679, KB969680, KB969681, KB969682, KB969683, KB969685, KB969686, KB969737, KB971822, KB971824):
http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx

Secunia Research:
http://secunia.com/secunia_research/2009-1/
http://secunia.com/secunia_research/2009-12/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.