English

Calendar Discussions Polls

RSS feeds Subscriptions Contacts

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Watch us on

Home→Descriptions→SA35364

Microsoft Excel Multiple Vulnerabilities

Secunia ID	SA35364
CVE-ID	CVE-2009-0549, CVE-2009-0557, CVE-2009-0558, CVE-2009-0559, CVE-2009-0560, CVE-2009-0561, CVE-2009-1134
Release Date	09 Jun 2009
Last Change	12 Jun 2009
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Office 2000 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2004 for Mac Microsoft Office 2007 Microsoft Office 2008 for Mac Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2007 Microsoft Office SharePoint Server 2007 Microsoft Office XP Microsoft Open XML File Format Converter for Mac
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. 1) An array-indexing error when processing certain records can be exploited to corrupt memory via a specially crafted Excel file. 2) An error when parsing certain records may result in a corrupted pointer being used when opening a specially crafted Excel file. 3) An error when parsing certain records may result in a corrupted object being used when opening a specially crafted Excel file. 4) An error when parsing certain records can be exploited to corrupt memory when opening a specially crafted Excel file. 5) A boundary error when parsing certain records can be exploited to cause a stack-based buffer overflow when opening a specially crafted Excel file. 6) An error when parsing Qsir BIFF records (0x806) may result in a corrupted pointer being used when opening a specially crafted Excel file. 7) An integer overflow error when processing the number of strings in a file can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution	Apply patches. Microsoft Office Excel 2000 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb Microsoft Office Excel 2002 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415 Microsoft Office Excel 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb Microsoft Office Excel 2007 SP1: http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99 Microsoft Office Excel 2007 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99 Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550 Microsoft Office 2008 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58 Open XML File Format Converter for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6 Microsoft Office Excel Viewer 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e Microsoft Office Excel Viewer: http://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1: http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2: http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2 Microsoft Office SharePoint Server 2007 SP1 (32-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d Microsoft Office SharePoint Server 2007 SP2 (32-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d Microsoft Office SharePoint Server 2007 SP1 (64-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd Microsoft Office SharePoint Server 2007 SP2 (64-bit editions): http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
Reported by	1) Carsten Eiram, Secunia Research. 2-4) The vendor credits Bing Liu, Fortinet. 5) TELUS Security Labs Vulnerability Research Team. 6) an anonymous person, reported via ZDI. 7) Independently reported by: * Carsten Eiram, Secunia Research. * Sean Larsson and Joshua Drake, VeriSign iDefense Labs.
Original Advisory	MS09-021 (KB969462, KB969661, KB969679, KB969680, KB969681, KB969682, KB969683, KB969685, KB969686, KB969737, KB971822, KB971824): http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx Secunia Research: http://secunia.com/secunia_research/2009-1/ http://secunia.com/secunia_research/2009-12/ TELUS Security Labs: http://telussecuritylabs.com/threats/show/FSC20090609-01 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-040/ iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805