Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
6300c1c3adca03d4a9e89630bb3403bdf04b48dfb5f117a447570c1e4516becc
TITLE:
Microsoft Office Multiple Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA19138
VERIFY ADVISORY:
http://secunia.com/advisories/19138/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Excel 2000
http://secunia.com/product/3054/
Microsoft Excel 2002
http://secunia.com/product/4043/
Microsoft Excel 2003
http://secunia.com/product/4970/
Microsoft Excel Viewer 2003
http://secunia.com/product/7700/
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office 2004 for Mac
http://secunia.com/product/8713/
Microsoft Office X for Mac
http://secunia.com/product/2610/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft Outlook 2000
http://secunia.com/product/33/
Microsoft Outlook 2002
http://secunia.com/product/34/
Microsoft PowerPoint 2000
http://secunia.com/product/3052/
Microsoft PowerPoint 2002
http://secunia.com/product/2223/
Microsoft Word 2000
http://secunia.com/product/2149/
Microsoft Word 2002
http://secunia.com/product/2150/
Microsoft Works Suite 2001
http://secunia.com/product/2145/
Microsoft Works Suite 2002
http://secunia.com/product/2144/
Microsoft Works Suite 2003
http://secunia.com/product/2143/
Microsoft Works Suite 2004
http://secunia.com/product/3897/
Microsoft Works Suite 2005
http://secunia.com/product/8711/
Microsoft Works Suite 2006
http://secunia.com/product/8712/
DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Office,
which can be exploited by malicious people to compromise a user's
system.
1) An error in Excel when processing files with a malformed range can
be exploited to corrupt memory and allows execution of arbitrary code
on a user's system when viewing a specially crafted Excel file.
2) An error in Office when processing documents containing a
specially crafted "routing slip" can be exploited to corrupt memory
and allows execution of arbitrary code on a user's system when
viewing a malicious document.
3) An error in Excel when processing a malformed parsing format file
can be exploited to corrupt memory and allows execution of arbitrary
code on a user's system when viewing a specially crafted Excel file.
4) An error in Excel when processing a malformed description can be
exploited to corrupt memory and allows execution of arbitrary code on
a user's system when viewing a specially crafted Excel file.
5) An error in Excel when processing malformed graphics can be
exploited to corrupt memory and allows execution of arbitrary code on
a user's system when viewing a specially crafted Excel file.
6) An error in Excel when processing malformed records can be
exploited to corrupt memory and allows execution of arbitrary code on
a user's system when viewing a specially crafted Excel file.
SOLUTION:
Apply patches.
Microsoft Word 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4
Microsoft Excel 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C9433440-31EF-4C18-A0C7-B595EA23F6FC
Microsoft Outlook 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2B231231-AC83-4688-9C8D-DCDCB544FB3C
Microsoft PowerPoint 2000 (requires Office 2000 SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=F24D4BD0-4771-4688-B52A-02D4EABB1574
Microsoft Office 2000 MultiLanguage Packs (requires Office 2000
SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=0AAA1700-766F-4979-B51F-AAA0A24EF2E8
Microsoft Word 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft Excel 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=643337C7-8A47-4FA3-AB58-7A916B33607D&displaylang=en
Microsoft Outlook 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0D4441-4F88-4B59-A4F3-6FB558EF8135
Microsoft PowerPoint 2002 (requires Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C74CB45B-CF92-4EFC-8DBE-DBF4BDEBE215
Microsoft Office XP Multilingual User Interface Packs (requires
Office XP SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=589D9ABB-6308-4208-881C-CE58D6972E1F&displaylang=en
Microsoft Excel 2003 (requires Office 2003 SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC22F83A-B409-4469-984E-6C19D8F5FE41&displaylang=en
Microsoft Excel 2003 Viewer (requires Office 2003 SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=7DBADBD1-0542-475B-91B5-90DD2AF2C0FC&displaylang=en
Microsoft Works Suite 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en
Microsoft Works Suite 2001:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en
Microsoft Works Suite 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft Works Suite 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft Works Suite 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft Works Suite 2005:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft Works Suite 2006:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en
Microsoft Office X for Mac:
http://www.microsoft.com/mac/
Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Peter Winter-Smith of NGSSoftware and
FelicioX.
2) The vendor credits Ollie Whitehouse, Symantec.
3) The vendor credits TippingPoint and the Zero Day Initiative.
4) The vendor credits Dejun, Fortinet Security Response Team.
5) Reported by vendor.
6) The vendor credits Eyas, XFOCUS Security Team.
ORIGINAL ADVISORY:
MS06-012 (KB905413):
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------