Vulnerability

CERT-In Vulnerability Note CIVN-2010-0231
Microsoft Office Excel Remote Code Execution Vulnerability

Original Issue Date:October 15, 2010

Severity Rating: MEDIUM

Systems Affected

Microsoft Office Excel 2002 Service Pack 3
Microsoft Office Excel 2003 Service Pack 3
Microsoft Excel 2007 Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Excel Viewer Service Pack 2
Open XML File Format Converter for Mac

Overview

Thirteen vulnerabilities have been reported in Microsoft office Excel. Successful exploitation of these vulnerabilities could allow an attacker to execute an arbitrary code and take complete control of the affected system in the context of logged in user.

Description

1. Microsoft Office Excel Record Validation Integer Overflow Memory Corruption Vulnerability ( CVE-2010-3230 )

This vulnerability exists due to improper processing of malformed records within Excel files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

2. Microsoft Office Excel Record Parsing Memory Corruption Vulnerability ( CVE-2010-3231 )

This vulnerability exists due to errors in processing records within Excel documents. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

3. Microsoft Office Excel Document Handling Arbitrary Code Execution Vulnerability ( CVE-2010-3232 )

This vulnerability exists due to improper handling of Excel documents. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

4. Microsoft Office Excel Lotus 1-2-3 Workbook Handling Arbitrary Code Execution Vulnerability ( CVE-2010-3233 )

This vulnerability is caused due to the improper processing of malformed Lotus 1-2-3 files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the user.

5. Microsoft Office Excel Cell Formula Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3234 )

This vulnerability exists due to the improper processing of formula content in document cells. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the user.

6. Microsoft Office Excel Formula Value Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3235 )

The vulnerability is due to the improper validation of formula values in Excel files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the user.

7. Microsoft Office Excel Array Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3236 )

The vulnerability exists because Excel performs invalid memory operations on arrays when the application processes malformed files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious spreadsheet which can allow the execution of arbitrary code with the privileges of the user.

8. Microsoft Office Excel Merge Cell Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3237 )

This vulnerability exists due to errors in processing malformed values within merged cells in Excel documents. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

9. Microsoft Office Excel Function Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3238 )

The vulnerability exists due to errors that occur when processing malformed functions within Excel documents. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

10. Microsoft Office Excel Record Parsing Out-of-Bounds Memory Operation Vulnerability ( CVE-2010-3239 )

The vulnerability exists due to errors in parsing malformed records within Excel files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

11. Microsoft Office Excel Real-Time Data Record Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3240 )

The vulnerability exists due to the improper processing of Real-Time Data (RTD) records within Excel documents. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

12. Microsoft Office Excel Document Parsing Memory Corruption Vulnerability ( CVE-2010-3241 )

The vulnerability exists due to improper processing of malformed documents. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user.

13. Microsoft Office Excel Ghost Record Parsing Arbitrary Code Execution Vulnerability ( CVE-2010-3242 )

This vulnerability exists due to improper parsing malformed records within Excel files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious document. Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code with the privileges of the user.

Workaround

Do not open or save Microsoft Office files received from un-trusted sources.
Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations
Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources

Solution

Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS10-080

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx

Secunia
http://secunia.com/advisories/39303

VUPEN
http://www.vupen.com/english/advisories/2010/2627

SecurityTracker
http://securitytracker.com/alerts/2010/Oct/1024552.html

CVE Name
CVE-2010-3231
CVE-2010-3232
CVE-2010-3233
CVE-2010-3234
CVE-2010-3235
CVE-2010-3236
CVE-2010-3230
CVE-2010-3237
CVE-2010-3238
CVE-2010-3239
CVE-2010-3240
CVE-2010-3241
CVE-2010-3242

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India