VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities

2009-11-1200:00:00

vulners.com

JSON

VUPEN Security Research - Microsoft Office Excel Code Execution
Vulnerabilities

http://www.vupen.com/english/research.php

I. BACKGROUND ---------------------

"Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views, professional-looking
charts are easier to create and use." from microsoft.com

II. DESCRIPTION ---------------------

VUPEN Vulnerability Research Team discovered four critical vulnerabilities
affecting Microsoft Office Excel.

These vulnerabilities are caused by memory corruptions, invalid index,
and invalid pointer errors when processing malformed Excel documents,
which could allow attackers to execute arbitrary code via a specially
crafted XLS file.

VUPEN-SR-2008-10 - Microsoft Office Excel Records Parsing Memory Corruption
VUPEN-SR-2008-09 - Microsoft Office Excel Index Parsing Memory Corruption
VUPEN-SR-2008-08 - Microsoft Office Excel Formula Parsing Memory Corruption
VUPEN-SR-2008-07 - Microsoft Office Excel Document Processing Heap Overflow

III. AFFECTED PRODUCTS

Microsoft Office Excel 2007 Service Pack 1
Microsoft Office Excel 2007 Service Pack 2
Microsoft Office Excel 2003 Service Pack 3
Microsoft Office Excel 2002 Service Pack 3
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
Open XML File Format Converter for Mac
Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office Excel Viewer Service Pack 1
Microsoft Office Excel Viewer Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 2

IV. Exploits - PoCs & Binary Analysis

Code execution exploits and PoCs have been developed by VUPEN Security
and are available with the in-depth binary analysis of the flaws
through the VUPEN Exploits & PoCs Service.

http://www.vupen.com/exploits

V. SOLUTION ----------------

Apply MS09-067 patches :
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

VI. CREDIT --------------

The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security

VII. ABOUT VUPEN Security

VUPEN is a leading provider of vulnerability analysis and alerts,
and commercial-grade exploits which enable corporations and institutions
to eliminate vulnerabilities before they can be exploited by attackers,
to ensure security policy compliance, and meaningfully measure and manage
risks.

VUPEN also provides research services for security vendors (antivirus,
IDS, IPS, vulnerability scanning, etc) to supplement their
internal vulnerability research efforts and quickly develop
vulnerability-based signatures, rules, and filters, and proactively
protect their customers against potential threats.