TITLE: Microsoft Office Excel Multiple Vulnerabilities Criticality level: Highly critical Impact: System access Where: From remote http://secunia.com/advisories/39303/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. 1) A sign-extension error and integer overflow when parsing a certain record type can be exploited to cause a heap-based buffer overflow. 2) An unspecified error when parsing certain records can be exploited to corrupt memory. 3) An unspecified error in the format parsing can be exploited to corrupt memory. 4) A boundary error in the parsing of certain records in Lotus 1-2-3 workbooks can be exploited to cause a heap-based buffer overflow via a Lotus 1-2-3 file containing a specially crafted, overly long record. 5) An unspecified error in the formula substream parsing can be exploited to corrupt memory. 6) An unspecified error in the parsing of formula information can be exploited to corrupt memory. 7) An error when parsing certain records can be exploited to corrupt memory. 8) An error in the parsing of the Merge Cell record can be exploited to corrupt memory. 9) An error in the handling of the "negative future function" can be exploited to corrupt memory. 10) An error when processing Extra Out of Boundary records having an insufficient size can be exploited to corrupt memory placed at an arbitrary address via a specially crafted Excel document. 11) An error in the parsing of Real Time Data Array records can be exploited to corrupt memory. 12) An unspecified error can be exploited to cause an "out-of-bounds memory write" and corrupt memory. 13) Missing input validation in a conversion routine when parsing a certain record type can be exploited to corrupt memory outside the bounds of an allocated heap buffer via an overly large range specified by two record fields. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. ORIGINAL ADVISORY: MS10-080 (KB2293211, KB2345017, KB2344893, KB2345035, KB2422343, KB2422352, KB2422398, KB2345088, KB2344875): http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx Secunia Research: http://secunia.com/secunia_research/2010-55/ http://secunia.com/secunia_research/2010-63/ http://secunia.com/secunia_research/2010-64/ http://secunia.com/secunia_research/2010-65/ ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-