Microsoft Excel multiple security vulneraiblities updated since 08.05.2007
Published:		10.05.2007
Source:		MICROSOFT
SecurityVulns ID:		7677
Type:		client
Level:		6/10
Description:		Multiple memory corruptions on different record types handling.

Affected:		MICROSOFT : Office 2000
		MICROSOFT : Office 2003
		MICROSOFT : Office 2007
CVE:		CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.)
		CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.)
		CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.)

Original document		IDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Excel Filter Record Code Execution Vulnerability (10.05.2007)
		ZDI, ZDI-07-026: Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability (08.05.2007)
		MICROSOFT, Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) (08.05.2007)

Files:		Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Discuss:		Read or add your comments to this news (0 comments)