Internet threat level: 1
Home→Descriptions→SA38805
Microsoft Office Excel Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2010-0257, CVE-2010-0258, CVE-2010-0260, CVE-2010-0261, CVE-2010-0262, CVE-2010-0263, CVE-2010-0264 |
| Release Date |
09 Mar 2010 |
| Last Change |
10 Mar 2010 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Microsoft Excel 2002 |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. 1) An error in the parsing of records can be exploited to corrupt memory via a specially crafted file. 2) An error in the parsing of sheet object types can be exploited to corrupt memory via a specially crafted file. 3) An error in the parsing of MDXTUPLE records can be exploited to cause a heap-based buffer overflow via a specially crafted file. 4) An error in the parsing of MDXSET records can be exploited to cause a heap-based buffer overflow via a specially crafted file. 5) An error in the parsing of FNGROUPNAME records may result in the use of uninitialised memory via a specially crafted file. 6) An error in the parsing of a ZIP header within XLSX files when decompressing certain XML elements may result in use of uninitialised memory. 7) An error in the parsing of DbOrParamQry records can be exploited to corrupt memory via a specially crafted file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. |
| Solution |
Apply patches. Microsoft Office Excel 2002 SP3: Microsoft Office Excel 2003 SP3: Microsoft Office Excel 2007 SP1: Microsoft Office Excel 2007 SP2: Microsoft Office 2004 for Mac: Microsoft Office 2008 for Mac: Open XML File Format Converter for Mac: Microsoft Office Excel Viewer SP1/SP2: Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1/SP2: Microsoft Office SharePoint Server 2007 SP1 (32-bit editions): Microsoft Office SharePoint Server 2007 SP2 (32-bit editions): Microsoft Office SharePoint Server 2007 SP1 (64-bit editions): Microsoft Office SharePoint Server 2007 SP2 (64-bit editions): NOTE: Some links may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party. |
| Reported by |
1) The vendor credits Nicolas Joly, Vupen. |
| Original Advisory |
MS10-017 (KB980150, KB978471, KB978474, KB978382, KB980837, KB980839, KB980840, KB978383, KB978380, KB979439): iDefense Labs: ZDI: Core Security: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.