[PCWorks] Microsoft Office Excel Multiple Vulnerabilities
- From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Wed, 13 Oct 2010 09:33:12 -0500
TITLE:
Microsoft Office Excel Multiple Vulnerabilities
Criticality level: Highly critical
Impact: System access
Where: From remote
http://secunia.com/advisories/39303/
DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Office
Excel, which can be exploited by malicious people to compromise
a
user's system.
1) A sign-extension error and integer overflow when parsing a
certain
record type can be exploited to cause a heap-based buffer
overflow.
2) An unspecified error when parsing certain records can be
exploited
to corrupt memory.
3) An unspecified error in the format parsing can be exploited
to
corrupt memory.
4) A boundary error in the parsing of certain records in Lotus
1-2-3
workbooks can be exploited to cause a heap-based buffer
overflow via
a Lotus 1-2-3 file containing a specially crafted, overly long
record.
5) An unspecified error in the formula substream parsing can be
exploited to corrupt memory.
6) An unspecified error in the parsing of formula information
can be
exploited to corrupt memory.
7) An error when parsing certain records can be exploited to
corrupt
memory.
8) An error in the parsing of the Merge Cell record can be
exploited
to corrupt memory.
9) An error in the handling of the "negative future function"
can be
exploited to corrupt memory.
10) An error when processing Extra Out of Boundary records
having an
insufficient size can be exploited to corrupt memory placed at
an
arbitrary address via a specially crafted Excel document.
11) An error in the parsing of Real Time Data Array records can
be
exploited to corrupt memory.
12) An unspecified error can be exploited to cause an
"out-of-bounds
memory write" and corrupt memory.
13) Missing input validation in a conversion routine when
parsing a
certain record type can be exploited to corrupt memory outside
the
bounds of an allocated heap buffer via an overly large range
specified by two record fields.
Successful exploitation of the vulnerabilities may allow
execution of
arbitrary code.
SOLUTION:
Apply patches.
ORIGINAL ADVISORY:
MS10-080 (KB2293211, KB2345017, KB2344893, KB2345035,
KB2422343,
KB2422352, KB2422398, KB2345088, KB2344875):
http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx
Secunia Research:
http://secunia.com/secunia_research/2010-55/
http://secunia.com/secunia_research/2010-63/
http://secunia.com/secunia_research/2010-64/
http://secunia.com/secunia_research/2010-65/
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
-zxdjhu-
Other related posts:
