Security Microsoft Excel File Handling Code Execution

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donat-o-Meter Stats
August´s Goal:	$400.00
Due Date:	Aug 31
Net Balance:	$90.19
Left to go:	$309.81

Donations
danmih Aug-24
Assault Aug-16
Luckson Aug-4
Doulos Aug-4
amber222 Aug-3

Please Link To Me!

Services Available

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or PhpNuke?

Need help customizing or designing scripts?

Please contact me via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Verse of the Day

Microsoft Excel File Handling Code Execution

SECUNIA ADVISORY ID: SA28506

VERIFY ADVISORY: http://secunia.com/advisories/28506/

CRITICAL: Extremely critical

IMPACT: System access

SOFTWARE:
Microsoft Excel 2003: http://secunia.com/product/4970/
Microsoft Excel Viewer 2003: http://secunia.com/product/7700/
Microsoft Excel 2002: http://secunia.com/product/4043/
Microsoft Excel 2000: http://secunia.com/product/3054/
Microsoft Office 2000: http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition: http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition: http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition: http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition: http://secunia.com/product/2278/
Microsoft Office 2004 for Mac: http://secunia.com/product/8713/

DESCRIPTION: A vulnerability has been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the handling of Excel files and can be exploited via a specially crafted Excel file with malformed header information. Successful exploitation allows execution of arbitrary code but requires that the user is tricked into opening a malicious Excel file. NOTE: According to Microsoft, this is currently being actively exploited.

The vulnerability is reported in the following versions:
* Microsoft Office Excel 2003 Service Pack 2
* Microsoft Office Excel Viewer 2003
* Microsoft Office Excel 2002
* Microsoft Office Excel 2000
* Microsoft Excel 2004 for Mac.

SOLUTION: Do not open untrusted Excel files. For Microsoft Excel 2003, the vendor recommends using the Microsoft Office Isolated Conversion Environment (MOICE) or Microsoft Office File Block policy. Please see the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.

ORIGINAL ADVISORY: Microsoft (KB947563): http://www.microsoft.com/technet/security/advisory/947563.mspx

Posted on Wednesday, January 16, 2008 @ 23:09:17 EST by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

Associated Topics

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven
Proud to be listed at Lobo Links Web Directory

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Recoded To 100% W3C CSS & HTML 4.01 Transitional Compliance by Raven and 64bitguy ::
::