CERT-In Vulnerability Note
CIVN-2006-0097
Microsoft Excel Malformed DATETIME Record, STYLE Record, Lotus file, COLINFO Record Vulnerabilities
Original Issue Date: October 11, 2006
Updated: October 11, 2006
Severity Rating: HIGH
Systems Affected
Microsoft Office 2000 Service Pack 3
Microsoft Excel 2000
Microsoft Office XP Service Pack 3
Microsoft Excel 2002
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft Office Excel 2003
Microsoft Office Excel Viewer 2003
Microsoft Works Suites:
  Microsoft Works Suite 2004
  Microsoft Works Suite 2005
  Microsoft Works Suite 2006
Overview
Certain vulnerabilities have been reported in Microsoft Excel 2000, 2002, 2003, Excel Viewer 2003 and Microsoft Works Suites 2004, 2005 and 2006. A remote attacker could exploit these vulnerabilities to take complete control of affected systems.
If a user was logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
Description
Excel Malformed DATETIME Record Vulnerability (CVE-2006-2387)
This vulnerability is caused because Excel does not perform sufficient data validation when processing the contents of an .xls file. An attacker could exploit this when Excel opens a maliciously crafted Excel file and parses a malformed DATETIME record. This could corrupt system memory, allowing the attacker to execute arbitrary code.
Excel Malformed STYLE Record Vulnerability (CVE-2006-3431)
This vulnerability is caused by insufficient data validation by Excel when processing the contents of an .xls file. An attacker could exploit it by sending a specially crafted Excel file to affected systems. When Excel opens the malicious Excel file and parses a malformed STYLE record, it may corrupt system memory in such a way that the attacker could execute arbitrary code.
Excel Handling of Lotus 1-2-3 File Vulnerability (CVE-2006-3867)
This vulnerability is caused by a flaw in Excel that occurs while processing a maliciously crafted Lotus 1-2-3 file. A remote attacker could exploit it by sending a specially crafted Lotus 1-2-3 file to affected systems. When Excel opens the malicious Lotus 1-2-3 file, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
Malformed COLINFO Record Vulnerability (CVE-2006-3875)
This vulnerability is caused because Excel does not perform sufficient data validation when processing the contents of an .xls file. When Excel opens a specially crafted Excel file and parses a malformed COLINFO record, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
Solution
Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS06-059.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx
References
US-CERT
http://www.us-cert.gov/cas/techalerts/TA06-283A.html
Secunia
http://secunia.com/advisories/20268
CVE Name
CVE-2006-2387
CVE-2006-3431
CVE-2006-3867
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India