Internet threat level: 1
Home→Descriptions→SA29321
Microsoft Office Two Code Execution Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
11 Mar 2008 |
| Last Change |
17 Apr 2008 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Microsoft Office 2000 |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) An error when parsing cells comments in Excel files can be exploited to corrupt memory via a specially crafted Excel file. 2) An unspecified error when parsing Office files can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. |
| Solution |
Apply patches. Microsoft Office 2000 SP3: Microsoft Office XP SP3: Microsoft Office 2003 SP2: Microsoft Office Excel Viewer 2003: Microsoft Office Excel Viewer 2003 SP3: Microsoft Office 2004 for Mac: Microsoft Office Word Viewer 2003: Microsoft Office Word Viewer 2003 SP3: |
| Reported by |
1) Reported by Arnaud Dovi via Zero Day Initiative. |
| Original Advisory |
MS08-016 (KB949030): |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.