---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38805 VERIFY ADVISORY: http://secunia.com/advisories/38805/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. 1) An error in the parsing of records can be exploited to corrupt memory via a specially crafted file. 2) An error in the parsing of sheet object types can be exploited to corrupt memory via a specially crafted file. 3) An error in the parsing of MDXTUPLE records can be exploited to cause a heap-based buffer overflow via a specially crafted file. 4) An error in the parsing of MDXSET records can be exploited to cause a heap-based buffer overflow via a specially crafted file. 5) An error in the parsing of FNGROUPNAME records may result in the use of uninitialised memory via a specially crafted file. 6) An error in the parsing of XLSX files and may allow code execution via a specially crafted file. 7) An error in the parsing of DbOrParamQry records can be exploited to corrupt memory via a specially crafted file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Microsoft Office Excel 2002 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=E0136F62-60CE-4EBD-8660-BE81EBA29AE8 Microsoft Office Excel 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=7E42793E-747B-48DA-968A-1EC29EA37151 Microsoft Office Excel 2007 SP1: http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB-4A59-97E4-7CE047F100A5 Microsoft Office Excel 2007 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB-4A59-97E4-7CE047F100A5 Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=ae5936f8-fe3f-4d23-a37c-d80f228e475e Microsoft Office 2008 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=e0ed1569-ab2f-407c-b728-4eddc463c385 Open XML File Format Converter for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=4c5487d5-c912-4087-8c83-769e3fb78ea9 Microsoft Office Excel Viewer SP1/SP2: http://www.microsoft.com/downloads/details.aspx?familyid=010D0A4D-02A4-4142-963B-A38CD06CC897 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1/SP2: http://www.microsoft.com/downloads/details.aspx?familyid=314F076E-8F9D-46C2-B666-86599A02BF15 Microsoft Office SharePoint Server 2007 SP1 (32-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=94DDF6EF-3392-4D77-A02B-3BC0470721CD Microsoft Office SharePoint Server 2007 SP2 (32-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=94DDF6EF-3392-4D77-A02B-3BC0470721CD Microsoft Office SharePoint Server 2007 SP1 (64-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=06F6BFFB-3FAD-4FB5-878B-39550812E9B5 Microsoft Office SharePoint Server 2007 SP2 (64-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=06F6BFFB-3FAD-4FB5-878B-39550812E9B5 NOTE: Some links may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party. PROVIDED AND/OR DISCOVERED BY: Currently not available as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party. ORIGINAL ADVISORY: MS10-017 (KB980150, KB978471, KB978474, KB978382, KB980837, KB980839, KB980840, KB978383, KB978380, KB979439): http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx NOTE: The link may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------