Microsoft Excel Unspecified Stack Overflow May Let Remote Users Cause Arbitrary Code to Be Executed
|
|
SecurityTracker Alert ID: 1015333
|
|
SecurityTracker URL: http://securitytracker.com/id?1015333
|
|
CVE Reference: CVE-2005-4131
(Links to External Site)
|
Updated: Mar 14 2006
|
Original Entry Date: Dec 8 2005
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Bulletin
|
Version(s): 2000, 2002, 2003; Excel X for Mac; Excel 2004 for Mac
|
Description: A vulnerability was reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted Excel document that, when loaded by the target user, will trigger a stack overflow and
potentially execute arbitrary code. The code will run with the privileges of the target user. No further details were provided.
fearwall
reported this vulnerability in an eBay offering (eBay Item number: 7203336538).
|
Impact: A remote user can create a file that, when loaded by the target user, will cause arbitrary code to be executed on the target user's system.
|
Solution: The vendor has issued a fix for the Excel vulnerability was part of the following MS06-012 fixes. [Editor's note: Though this particular
vulnerability only affects Excel, the MS06-012 release includes fixes for other vulnerabilities and so they are listed below.]
Microsoft
Word 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4
Microsoft Excel 2000:
http://www.microsoft.com/downloads
/details.aspx?FamilyId=C9433440-31EF-4C18-A0C7-B595EA23F6FC
Microsoft Outlook 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2B231231-AC83-4688-9C8D
-DCDCB544FB3C
Microsoft PowerPoint 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F24D4BD0-4771-4688-B52A-02D4EABB1574
Microsoft
Office 2000 MultiLanguage Packs:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0AAA1700-766F-4979-B51F-AAA0A24EF2E8
Microsoft
Word 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft
Excel 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=643337C7-8A47-4FA3-AB58-7A916B33607D&displaylang=en
Microsoft
Outlook 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0D4441-4F88-4B59-A4F3-6FB558EF8135
Microsoft PowerPoint
2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C74CB45B-CF92-4EFC-8DBE-DBF4BDEBE215
Microsoft Office XP Multilingual
User Interface Packs:
http://www.microsoft.com/downloads/details.aspx?FamilyId=589D9ABB-6308-4208-881C-CE58D6972E1F&displaylang=en
Microsoft
Excel 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC22F83A-B409-4469-984E-6C19D8F5FE41&displaylang=en
Microsoft
Excel 2003 Viewer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7DBADBD1-0542-475B-91B5-90DD2AF2C0FC&displaylang=en
Microsoft
Works Suite 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en
Microsoft
Works Suite 2001:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en
Microsoft
Works Suite 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft
Works Suite 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft
Works Suite 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft
Works Suite 2005:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft
Works Suite 2006:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft
Office X for Mac:
http://www.microsoft.com/mac/
Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac/
A restart
is required.
The vendor's advisory is available at:
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
|
Vendor URL: www.microsoft.com/technet/security/Bulletin/MS06-012.mspx (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: UNIX (OS X), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 8 Dec 2005 16:18:47 -0500
Subject: Microsoft Excel vulnerability
|
eBay Item number: 7203336538
> Microsoft Excel does not perform sufficient data validation when parsing document
> files. As a result, it is possible to pass a large counter value to msvcrt.memmove()
> function which causes critical memory regions to be overwritten, including the stack
> space. The vulnerability can be exploited to compromise a user's PC. It is feasible
> to manipulate the data in the document file to get a code of attacker's choice
> executed when malicious file is opened by MS Excel.
fearwall reported this vulnerability.
|
|
