SecurityTracker.com Archives - Microsoft Excel Caculation Error and Memory Corruption Error Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Welcome to SecurityTracker!

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Generic) > Microsoft Excel

Vendors: Microsoft

Microsoft Excel Caculation Error and Memory Corruption Error Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1018352

SecurityTracker URL: http://securitytracker.com/id?1018352

CVE Reference: CVE-2007-1756 , CVE-2007-3029 , CVE-2007-3030 (Links to External Site)

Updated: Jul 13 2007

Original Entry Date: Jul 10 2007

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Microsoft Security Bulletin

Version(s): 2000, 2002, 2003, 2007

Description: Several vulnerabilities were reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted Excel file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A calculation error or memory corruption error associated with Workspace information can lead to code execution.

[Editor's note: One of the memory corruption errors (CVE-2007-3029) has already been publicly disclosed.]

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following fixes:

Microsoft Excel 2000 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=83D94D8E-DDA6-4D74-B40D-476C 2F0A3AF4

Microsoft Excel 2002 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5E09D13B-D4B0-48FD-9880-73C180570267

Microsoft Excel 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9D93C0CE-5124-4234-BA84-3C27005E010F

Microsoft Office 2004 for Mac:

http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac/download/Office2004/Office2004_1136.xml&secid=4&ssid=35&flgnosysreq=True

Microsoft Office Excel 2007:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AB28283-0320-4527-B033-5E80EF32CD34

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E592AE5B-09AC-4F5B-B457-A54C9850A D4A

A restart is not required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms07-036.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms07-036.mspx (Links to External Site)

Cause: Exception handling error

Underlying OS: UNIX (OS X), Windows (Any)

Message History: None.

Source Message Contents

Date: Tue, 10 Jul 2007 13:55:53 -0400
Subject: Microsoft Security Bulletin MS07-036 - Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)

 
 
http://www.microsoft.com/technet/security/bulletin/ms07-036.mspx
 
CVE-2007-1756
CVE-2007-3029
CVE-2007-3030

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC