HOME > VULNERABILITY NOTES


   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2008-158
Multiple Vulnerabilities in Microsoft Excel

Original Issue Date:October 16, 2008

Severity Rating: High

Systems Affected

  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 2
  • Microsoft Office 2003 Service Pack 3
  • 2007 Microsoft Office System
  • 2007 Microsoft Office System Service Pack 1
  • Microsoft Office Excel Viewer 2003
  • Microsoft Office Excel Viewer 2003 Service Pack 3
  • Microsoft Office Excel Viewer
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
  • Microsoft Office SharePoint Server 2007
  • Microsoft Office SharePoint Server 2007 Service Pack 1
  • Microsoft Office SharePoint Server 2007 x64 Edition
  • Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Open XML File Format Converter for Mac

Overview

Multiple vulnerabilities have been reported in Microsoft Excel that could allow a remote attacker to execute arbitrary code and to take complete control of an affected system.

Description

 1. Calendar Object Validation Vulnerability (CVE-2008-3477)

A remote code execution vulnerability has been reported in Microsoft Excel. This vulnerability is caused due to improper validation of several values in Calendar objects by Visual Basic for Applications (VBA) module in Excel. Exploitation of this vulnerability could cause execution of arbitrary code with the privileges of the current user, heap overflows, memory corruption, invalid array indexing, and integer overflow.

Workarounds

  • Use the Microsoft Office Isolated Conversion Environment (MOICE) while opening files from unknown or un-trusted sources
  • Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources
  • Modify Access Control List (ACL) on VBE6.DLL to deny access to the Everyone group

2. Excel Format parsing stack overflow Vulnerability
    (CVE-2008-3471)

A remote code execution vulnerability has been reported in Microsoft Excel because of improper allocation of memory while loading excel file objects. This vulnerability is caused due to specific flaw while parsing of the Excel Binary Interchange File Format (BIFF) by Microsoft Excel. During the process of parsing of a malformed record, user supplied data is copied into a stack-based buffer that is calculated using contents from the BIFF record, which could cause an exploitable stack-based buffer overflow, resulting in memory corruption.

Workarounds

  • Use the Microsoft Office Isolated Conversion Environment (MOICE) while opening files from unknown or un-trusted sources
  • Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources

3. Excel Formula Parsing Vulnerability (CVE-2008-4019)

An integer overflow vulnerability has been reported in Microsoft Excel. This vulnerability is caused due to an error in REPT () function of Microsoft Excel while processing formula information embedded in a cell, which could trigger an exploitable integer overflow condition. The overflow could occur because REPT () function allows the formula to exceed the limit of the cell, which could lead an attacker to execute arbitrary code with the privileges of currently logged in user.

A Remote attacker could exploit these vulnerabilities by enticing user to open specially crafted Excel file, to execute arbitrary code on target system. Successful exploitation of these vulnerabilities could allow remote attacker to take complete control of the vulnerable system.

      Note: These vulnerabilities affect the servers that have Excel                 Service installed, such as the default configuration of                 Microsoft Office SharePoint Server 2007 Enterprise and                 Microsoft Office SharePoint Server 2007. Microsoft Office                 SharePoint Server 2007 Standard does not include Excel                 Services by default.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS08-057

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx

References

 iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746

ZDI
http://www.zerodayinitiative.com/advisories/ZDI-08-068/

CISCO
http://www.cisco.com/web/about/security/intelligence/ERP_oct08.html

SecurityTracker
http://www.securitytracker.com/alerts/2008/Oct/1021044.html

CVE Name
CVE-2008-3477
CVE-2008-3471
CVE-2008-4019

 

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003