|
VUPEN Security Research - Microsoft Office Excel Code Execution
Vulnerabilities
http://www.vupen.com/english/research.php
I. BACKGROUND ---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views, professional-looking
charts are easier to create and use." from microsoft.com
II. DESCRIPTION ---------------------
VUPEN Vulnerability Research Team discovered four critical vulnerabilities
affecting Microsoft Office Excel.
These vulnerabilities are caused by memory corruptions, invalid index,
and invalid pointer errors when processing malformed Excel documents,
which could allow attackers to execute arbitrary code via a specially
crafted XLS file.
VUPEN-SR-2008-10 - Microsoft Office Excel Records Parsing Memory Corruption
VUPEN-SR-2008-09 - Microsoft Office Excel Index Parsing Memory Corruption
VUPEN-SR-2008-08 - Microsoft Office Excel Formula Parsing Memory Corruption
VUPEN-SR-2008-07 - Microsoft Office Excel Document Processing Heap Overflow
III. AFFECTED PRODUCTS
--------------------------------
- Microsoft Office Excel 2007 Service Pack 1
- Microsoft Office Excel 2007 Service Pack 2
- Microsoft Office Excel 2003 Service Pack 3
- Microsoft Office Excel 2002 Service Pack 3
- Microsoft Office 2008 for Mac
- Microsoft Office 2004 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer 2003 Service Pack 3
- Microsoft Office Excel Viewer Service Pack 1
- Microsoft Office Excel Viewer Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 2
IV. Exploits - PoCs & Binary Analysis
--------------------------------------
Code execution exploits and PoCs have been developed by VUPEN Security
and are available with the in-depth binary analysis of the flaws
through the VUPEN Exploits & PoCs Service.
http://www.vupen.com/exploits
V. SOLUTION ----------------
Apply MS09-067 patches :
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx
VI. CREDIT --------------
The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security
VII. ABOUT VUPEN Security
---------------------------------
VUPEN is a leading provider of vulnerability analysis and alerts,
and commercial-grade exploits which enable corporations and institutions
to eliminate vulnerabilities before they can be exploited by attackers,
to ensure security policy compliance, and meaningfully measure and manage
risks.
VUPEN also provides research services for security vendors (antivirus,
IDS, IPS, vulnerability scanning, etc) to supplement their
internal vulnerability research efforts and quickly develop
vulnerability-based signatures, rules, and filters, and proactively
protect their customers against potential threats.
* VUPEN Vulnerability Notification Service:
http://www.vupen.com/english/services
* VUPEN Exploits and In-Depth Vulnerability Analysis:
http://www.vupen.com/exploits
VIII. REFERENCES
----------------------
http://www.vupen.com/english/research.php
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3133