Microsoft Office Excel Multiple Vulnerabilities

by Carol~ Moderator - 5/8/12 1:08 PM

In Reply to: VULNERABILITIES / FIXES - May 08, 2012 by Carol~ Moderator

Release Date: 2012-05-08

Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software:
Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office 2010
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2007
Microsoft Office for Mac 2011

Description:
Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.

1) An error when validating certain data within Excel files can be exploited to corrupt memory.

2) An error when handling the OBJECTLINK record within Excel files can be exploited to corrupt memory.

3) An error when validating certain data within Excel files can be exploited to corrupt memory.

4) An error when handling the SXLI record within Excel files can be exploited to corrupt memory.

5) An error when handling the MergeCells record within Excel files can be exploited to cause a heap-based buffer overflow.

6) A type mismatch error when handling the Series record within Excel files can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into opening a malicious file.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits the following people:
1, 2) Omair
4) Omair via iDefense
5, 6) Sean Larsson and Jun Mao via iDefense
6) An anonymous person via ZDI

Original Advisory:
MS12-030 (KB2553371, KB2596842, KB2597086, KB2597161, KB2597162, KB2597166, KB2597969, KB2665346, KB2665351):
http://technet.microsoft.com/en-us/security/bulletin/ms12-030

http://secunia.com/advisories/49112/