From: Secunia Security Advisories (sec-adv secunia.com)
Date: Tue Jun 09 2009 - 16:47:04 CDT
TITLE:
Microsoft Excel Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35364
VERIFY ADVISORY:
http://secunia.com/advisories/35364/
DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Excel, which
can be exploited by malicious people to compromise a user's system.
1) An array-indexing error when processing certain records can be
exploited to corrupt memory via a specially crafted Excel file.
2) An error when parsing certain records may result in a corrupted
pointer being used when opening a specially crafted Excel
file.
3) An error when parsing certain records may result in a corrupted
object being used when opening a specially crafted Excel file.
4) An error when parsing certain records can be exploited to corrupt
memory when opening a specially crafted Excel file.
5) A boundary error when parsing certain records can be exploited to
cause a stack-based buffer overflow when opening a specially crafted
Excel file.
6) An error when parsing certain records may result in a corrupted
pointer being used when opening a specially crafted Excel
file.
7) An integer overflow error when processing the number of strings in
a file can be exploited to cause a heap-based buffer overflow via a
specially crafted Excel file.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply patches.
Microsoft Office Excel 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb
Microsoft Office Excel 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
Microsoft Office Excel 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
Microsoft Office Excel 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office Excel 2007 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
Open XML File Format Converter for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
Microsoft Office Excel Viewer 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
Microsoft Office Excel Viewer:
http://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
Microsoft Office SharePoint Server 2007 SP1 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
Microsoft Office SharePoint Server 2007 SP2 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
Microsoft Office SharePoint Server 2007 SP1 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
Microsoft Office SharePoint Server 2007 SP2 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
PROVIDED AND/OR DISCOVERED BY:
1) Carsten Eiram, Secunia Research.
2-4) The vendor credits Bing Liu, Fortinet.
5) The vendor credits TELUS Security Labs Vulnerability Research
Team.
6) The vendor credits TippingPoint and the Zero Day Initiative.
7) Independently reported by:
* Carsten Eiram, Secunia Research.
* Sean Larsson and Joshua Drake, VeriSign iDefense Labs.
ORIGINAL ADVISORY:
MS09-021 (KB969462, KB969661, KB969679, KB969680, KB969681, KB969682,
KB969683, KB969685, KB969686, KB969737, KB971822, KB971824):
http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx
Secunia Research:
http://secunia.com/secunia_research/2009-1/
http://secunia.com/secunia_research/2009-12/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.