TITLE:
Microsoft Excel Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37299

VERIFY ADVISORY:
http://secunia.com/advisories/37299/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error in the parsing of Excel spreadsheets can be exploited to corrupt memory via a specially crafted Excel file.

2) An unspecified error in the processing of certain record objects can be exploited to corrupt memory via a specially crafted Excel file.

3) Another unspecified error in the processing of certain record objects can be exploited to corrupt memory via a specially crafted Excel file.

4) An unspecified error in the processing of Binary File Format (BIFF) records can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file.

5) An unspecified error in the handling of formulas embedded inside a cell can be exploited to corrupt memory via a specially crafted Excel file.

6) An unspecified error when loading Excel formulas can be exploited to corrupt a pointer when a specially crafted Excel file is being opened.

7) An unspecified error when loading Excel records can be exploited to corrupt memory via a specially crafted Excel file.

8) An unspecified error when processing Excel record objects can be exploited via a specially crafted Excel file.

Successful exploitation of these vulnerabilities allows execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Office Excel 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=5672c8fc-8509-4962-ad86-ebc0f2575043

Microsoft Office Excel 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=6a6a0f5d-17dc-4a34-b9a0-0774aa287ba5

Microsoft Office Excel 2007 SP1 / SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=322b24ca-aff6-4ca0-acf1-440cae0f9693
http://www.microsoft.com/downloads/details.aspx?familyid=c4c92d2e-e87d-446f-8d3e-8f4be10c70aa

Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8f115b1c-1e28-4ecf-937c-99c4b60c7c8e

Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b84fe57d-ddda-451e-9ead-69e10aee7928

Open XML File Format Converter for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4dd4bc05-1217-497e-8f65-4347f2544ed6

Microsoft Office Excel Viewer 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=19151e22-5642-456c-bd39-298574369cdb

Microsoft Office Excel Viewer SP1 / SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=fb36df5e-ebef-46bf-9edd-67f2c76dbdb3

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 / SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=c4c92d2e-e87d-446f-8d3e-8f4be10c70aa

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Bing Liu of Fortinet's FortiGuard Labs, and TippingPoint and the Zero Day Initiative
2, 8) Bing Liu of Fortinet's FortiGuard Labs
3) Sean Larsson of VeriSign iDefense Labs
4-7) Nicolas Joly of Vupen Security

ORIGINAL ADVISORY:
MS09-067 (KB972652, KB973471, KB973475, KB973593, KB976830, KB976828, KB976831, KB973484, KB973707, KB973704):
http://www.microsoft.com/technet/security/Bulletin/MS09-067.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

----------------------------------------------------------------------