Microsoft Security Bulletin MS02-031 - Cumulative Patches for Excel and Word for Windows. New patches have been released that fix four vulnerabilities: An Excel macro execution vulnerability that relates to how inline macros that are associated with objects are handled. This vulnerability could enable macros to execute and bypass the Macro Security Model when the user clicked on an object in a workbook. An Excel macro execution vulnerability that relates to how macros are handled in workbooks when those workbooks are opened via a hyperlink on a drawing shape. It is possible for macros in a workbook so invoked to run automatically. An HTML script execution vulnerability that can occur when an Excel workbook with an XSL Stylesheet that contains HTML scripting is opened. The script within the XSL stylesheet could be run in the local computer zone. A new variant of the "Word Mail Merge" vulnerability first addressed in MS00-071. This new variant could enable an attacker's macro code to run automatically if the user had Microsoft Access present on the system and chose to open a mail merge document that had been saved in HTML format.
8963928d16edb4a982c3a492feb911511fb69728475dedb9893ad48e4a25af6fThis bulletin summary lists a re-released Microsoft security bulletin for August, 2012.
1de350bb2520b75dfa3ec3bc239ded133ecd09b6c1f6410fc4e873262d1a6427This bulletin summary lists 9 released Microsoft security bulletins for August, 2012.
1cd148fc9498f008662f4f946c98e9a7eed901cb0eb7aa4b7f0871457c406b3dThis bulletin summary lists 9 released Microsoft security bulletins for July, 2012.
90418879d0ab238c7a2eaf6a976ffbf6331efc6d9df5d266240df7df8636c141Technical Cyber Security Alert 2012-174A - Microsoft Security Advisory (2719615) warns of active attacks using a vulnerability in Microsoft XML Core Services. Microsoft Internet Explorer and Microsoft Office can be used as attack vectors.
0c812057868f3aa30c32aad25076f9d58f948634874ad313df23ae18d0447418This bulletin summary lists two re-released Microsoft security bulletins for June, 2012.
b0fd8000e5fac19e69898b9114b001de9004ba355cd47b89e02c5694958682d0This bulletin summary lists 7 released Microsoft security bulletins for June, 2012.
cadd2667353f95e62b5be34d5aa33caa74f50448487147ad4457309236fdf3e8This bulletin summary lists two re-released Microsoft security bulletins for May, 2012.
38e00533230827541928577359ace3c6629bc35bb69e64bd970ec68602541ed6This bulletin summary lists 7 released Microsoft security bulletins for May, 2012.
5b55111db2e9d458489aa5b317e94be0141b02eb1566f67bc6fa8b03a39a053cThis bulletin summary lists two re-released Microsoft security bulletins for April, 2012.
83497bc21efd0cef3c7040e1b998bc1a9933a4124934354fc581c55dd6122d9fThis bulletin summary lists a re-released MS10-058 Microsoft security bulletin for March, 2012.
039fc14e323510b6c9a961f11bb2cc328ff04d4f7bf8462ae57de8142ad065e4This bulletin summary lists 6 Microsoft security bulletins released for March, 2012.
2fc87b0379f848fe784413433c5a93cd6ee778f6af0b5fcfea8a3766d7892a52This bulletin summary lists 9 Microsoft security bulletins released for February, 2012.
763f6b1671f89c4a59ee66f6422eb9a2ae07e86811203de11eca55b9684a5b71This bulletin summary lists two re-released Microsoft security bulletins for January, 2012.
8166c2fc14d931bf4e778e6f7616fee0030a45c7475187aa3c6a3ec5b521737eThis bulletin summary lists 7 Microsoft security bulletins released for January, 2012.
a2f94a7a869562539d7be56f4ef081c382a5176690963900a45d6f76b4942eedThis bulletin summary lists a Microsoft security bulletin released for December, 2011.
95f9e401b87e851f6bd26e66c4095cd984e9aaf35e97816e4293032588528ffeThis bulletin summary lists 13 Microsoft security bulletins released for December, 2011.
18ad451024fea8e2036982e74af239ca16bc99787de18705168bc1182e6c63eaThis bulletin summary lists 4 Microsoft security bulletins released for November, 2011.
bed40aa96f50cbe6e979d8ac1028836a3e003551bb30a58821c831e5c03b2999This bulletin summary lists 8 Microsoft security bulletins released for October, 2011.
9cad8acac48c2a754450433d568cce508dfa732934c2515e7ce2e800567f6910This bulletin summary lists 5 Microsoft security bulletins released for September 2011.
658fe67fafa3857a68903e54a6728f3a857e12d1a29f5631f5e161d96c761469This bulletin summary lists 13 Microsoft security bulletins released for August 2011. The bulletins included are MS11-057, MS11-058, MS11-059, MS11-060, MS11-061, MS11-062, MS11-063, MS11-064, MS11-065, MS11-066, MS11-067, MS11-068, and MS11-069.
c6f21b40c7a38683575fae0f1c8d029c279fd9db3e25fe5d75ed5f39d332561bTechnical Cyber Security Alert 2011-193A - The Microsoft Security Bulletin Summary for July 2011 describes multiple vulnerabilities in Microsoft Windows and Office. Microsoft has released updates to address the vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
42b47c7464fc17d2f439abdb77cc00e8d6fd1b089185f3275457660c75005917This bulletin summary lists 4 Microsoft security bulletins released for July 2011.
138275b09044abe0454aca50bba2de503a5379574b43c6eee11d35a125f8ccedThis bulletin summary lists 16 Microsoft security bulletins released for June 2011. The bulletins included are MS11-038,MS11-039,MS11-040,MS11-041,MS11-042,MS11-043,MS11-044,MS11-050,MS11-052,MS11-037,MS11-045,MS11-046,MS11-047,MS11-048,MS11-049, and MS11-051.
cfb94240f6c6b681ca918e6622f0d2a78f3d17847deb4d4a373b674effda92a7iDefense Security Advisory 08.10.10 - Remote exploitation of a heap buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of some drawing object control words in an RTF document. Under certain circumstances, Word will copy a property value into a heap buffer without checking the length, which causes a heap buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-056.
25855763a2da9fa2593ee54ea20cb23b8412b955183bf26b2866e5577463f29diDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
0ce96e514152fd2e39a14f6d90a2f11df679f07a29a783acaf69ad7b35b46079
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed