Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Microsoft Excel

Vendors: Microsoft

Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1022351

SecurityTracker URL: http://securitytracker.com/id/1022351

CVE Reference: CVE-2009-0549, CVE-2009-0557, CVE-2009-0558, CVE-2009-0559, CVE-2009-0560, CVE-2009-0561, CVE-2009-1134 (Links to External Site)

Date: Jun 9 2009

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2000 SP3, 2002 SP3, 2003 SP3, 2007 SP1/SP2; Excel Viewer, Excel Viewer 2003 SP3; Office 2004 for Mac; Office 2008 for Mac

Description: Several vulnerabilities were reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create an Excel file with a specially crafted record object that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Bing Liu of Fortinet's FortiGuard Global Security Research Team, Carsten H. Eiram of Secunia, TELUS Security Labs Vulnerability Research Team, Sean Larsson and Joshua Drake of VeriSign iDefense Labs, and Tipping Point reported these vulnerabilities.

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following fixes:

Microsoft Office 2000 Service Pack 3, Microsoft Office Excel 2000 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb

Microsoft Office XP Service Pack 3, Microsoft Office Excel 2002 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415

Microsoft Office 2003 Service Pack 3, Microsoft Office Excel 2003 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb

2007 Microsoft Office System Service Pack 1, Microsoft Office Excel 2007 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99

2007 Microsoft Office System Service Pack 2, Microsoft Office Excel 2007 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99

Microsoft Office 2004 for Mac:

http://www.microsoft.com/downloads/details.aspx?familyid=5557bfb7-ebb4-4c42-8042-41e830c4e550

Microsoft Office 2008 for Mac:

http://www.microsoft.com/downloads/details.aspx?familyid=58326da2-eb75-4b42-b1bc-e70319defb58

Open XML File Format Converter for Mac:

http://www.microsoft.com/downloads/details.aspx?familyid=9d6d9eaa-8442-4184-8886-faab2803bde6

Microsoft Office Excel Viewer 2003 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e

Microsoft Office Excel Viewer:

http://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2

Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d

Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d

Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd

Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms09-021.mspx (Links to External Site)

Cause: Access control error

Underlying OS: UNIX (OS X), Windows (Any)

Message History: None.

Source Message Contents

Date: Tue, 9 Jun 2009 13:54:57 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms09-021.mspx


Microsoft Security Bulletin MS09-021 - Critical: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)

CVE-2009-0549
CVE-2009-0557
CVE-2009-0558
CVE-2009-0559
CVE-2009-0560
CVE-2009-0561
CVE-2009-1134

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC