VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share information to make more informed decisions. With the Microsoft Office Fluent user interface, rich data visualization, and PivotTable views, professional-looking charts are easier to create and use." from microsoft.com II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered four critical vulnerabilities affecting Microsoft Office Excel. These vulnerabilities are caused by memory corruptions, invalid index, and invalid pointer errors when processing malformed Excel documents, which could allow attackers to execute arbitrary code via a specially crafted XLS file. VUPEN-SR-2008-10 - Microsoft Office Excel Records Parsing Memory Corruption VUPEN-SR-2008-09 - Microsoft Office Excel Index Parsing Memory Corruption VUPEN-SR-2008-08 - Microsoft Office Excel Formula Parsing Memory Corruption VUPEN-SR-2008-07 - Microsoft Office Excel Document Processing Heap Overflow III. AFFECTED PRODUCTS -------------------------------- - Microsoft Office Excel 2007 Service Pack 1 - Microsoft Office Excel 2007 Service Pack 2 - Microsoft Office Excel 2003 Service Pack 3 - Microsoft Office Excel 2002 Service Pack 3 - Microsoft Office 2008 for Mac - Microsoft Office 2004 for Mac - Open XML File Format Converter for Mac - Microsoft Office Excel Viewer 2003 Service Pack 3 - Microsoft Office Excel Viewer Service Pack 1 - Microsoft Office Excel Viewer Service Pack 2 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 IV. Exploits - PoCs & Binary Analysis -------------------------------------- Code execution exploits and PoCs have been developed by VUPEN Security and are available with the in-depth binary analysis of the flaws through the VUPEN Exploits & PoCs Service. http://www.vupen.com/exploits V. SOLUTION ---------------- Apply MS09-067 patches : http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx VI. CREDIT -------------- The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security VII. ABOUT VUPEN Security --------------------------------- VUPEN is a leading provider of vulnerability analysis and alerts, and commercial-grade exploits which enable corporations and institutions to eliminate vulnerabilities before they can be exploited by attackers, to ensure security policy compliance, and meaningfully measure and manage risks. VUPEN also provides research services for security vendors (antivirus, IDS, IPS, vulnerability scanning, etc) to supplement their internal vulnerability research efforts and quickly develop vulnerability-based signatures, rules, and filters, and proactively protect their customers against potential threats. * VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services * VUPEN Exploits and In-Depth Vulnerability Analysis: http://www.vupen.com/exploits VIII. REFERENCES ---------------------- http://www.vupen.com/english/research.php http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3131 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3132 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3133