CERT-In Vulnerability Note
CIVN-2008-0187
Microsoft Office Excel Remote Code Execution
Original Issue Date:December 11, 2008
Severity Rating: HIGH
Systems Affected
- Office Excel 2007 SP1 and prior
- Office Excel 2003 SP3 and prior
- Office Excel 2002 SP3 and prior
- Office Excel 2000 SP3 and prior
- Microsoft Office Excel Viewer 2007
- Microsoft Office Excel Viewer 2003 SP3 and prior
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and prior
- Microsoft Office 2008 for Mac
- Microsoft Office 2004 for Mac
- Open XML File Format Converter for Mac versions 1.0.2 and prior
Overview
Multiple remote code execution vulnerabilities are reported in Microsoft Excel when handling malicious files. An attacker can exploit these issues by tricking an unsuspecting victim into opening a malicious Excel file. A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user.
Description
1. Microsoft Excel Formula Handling Remote Code Execution Vulnerability
(
CVE-2008-4264
)
An unspecified error in the processing of Excel formulas can be exploited to corrupt memory via a specially crafted XLS file.
2. Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
(
CVE-2008-4265
)
An unspecified error in the processing of Excel records can be exploited to corrupt memory via a specially crafted XLS file.
3. Microsoft Excel Global Array Memory Corruption Vulnerability
(
CVE-2008-4266
)
An error while validating an index value in a NAME record can be exploited to corrupt memory via a specially crafted Excel Spreadsheet XLS file.
Workaround
- Use the Microsoft Office Isolated Conversion Environment MOICE when opening files from unknown or un-trusted sources
- Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations
- Do not open Email message or attachment from un-trusted sources.
- Do not open or save Microsoft Office files received from un-trusted sources.
For detailed steps and impact of applying these workarounds refer to Microsoft security Bulletin MS08-074
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin
MS08-074
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
References
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
CISCO security center
http://tools.cisco.com/security/center/viewAlert.x?alertId=17174
http://tools.cisco.com/security/center/viewAlert.x?alertId=17175
http://tools.cisco.com/security/center/viewAlert.x?alertId=17176
Secunia
http://secunia.com/advisories/31593/
SANS Internet Storm Center
http://isc.sans.org/diary.html?storyid=5449
CVE Name
CVE-2008-4264
CVE-2008-4265
CVE-2008-4266
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|