Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft Office Excel Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1024076 |
|
SecurityTracker URL: http://securitytracker.com/id?1024076
|
|
CVE Reference:
CVE-2010-0821, CVE-2010-0822, CVE-2010-0823, CVE-2010-0824, CVE-2010-1245, CVE-2010-1246, CVE-2010-1247, CVE-2010-1248, CVE-2010-1249, CVE-2010-1250, CVE-2010-1253
(Links to External Site)
|
Date: Jun 8 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Office XP SP3, Office 2003 SP3, Office 2007 SP3, Excel 2002 SP3, Excel 2003 SP3, Excel 2007 SP2, Office 2004 for Mac, Office 2008 for Mac; and prior service packs
|
Description:
Multiple vulnerabilities were reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
Nicolas Joly of VUPEN Vulnerability Research Team, Bing Liu of Fortinet's FortiGuard Labs, Carsten Eiram of Secunia, and an anonymous researcher (via TippingPoint's Zero Day Initiative) reported these vulnerabilities.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Microsoft Office XP Service Pack 3, Microsoft Office Excel 2002 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=fec14a92-79a1-4281-8ee2-659b2dfd283f
Microsoft Office 2003 Service Pack 3, Microsoft Office Excel 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=757b5d8f-ade5-4896-b152-43f76516bcf1
2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2, Microsoft Office Excel 2007 Service Pack 1 and Microsoft Office Excel 2007 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=1b2599f0-1e5d-463c-b100-6c6a1b17b2ec
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?familyid=16c71ab8-9284-407a-856a-93c67995f125
Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?familyid=d46255bd-6470-4106-9fe2-ea67acd3f1bd
Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office Excel Viewer Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=033b3bf3-7826-4064-b001-11e4dce2d91a
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7f89a734-cda4-4abb-9a10-f6dfe560e8d0
A restart may be required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-038.mspx (Links to External Site)
|
Cause:
Access control error, Boundary error
|
Underlying OS:
UNIX (OS X), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
Go to the Top of This SecurityTracker Archive Page
|
