TITLE: Microsoft Office Multiple Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA19138
VERIFY ADVISORY: http://secunia.com/advisories/19138/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Excel 2000 http://secunia.com/product/3054/ Microsoft Excel 2002 http://secunia.com/product/4043/ Microsoft Excel 2003 http://secunia.com/product/4970/ Microsoft Excel Viewer 2003 http://secunia.com/product/7700/ Microsoft Office 2000 http://secunia.com/product/24/ Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/ Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/ Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/ Microsoft Office 2004 for Mac http://secunia.com/product/8713/ Microsoft Office X for Mac http://secunia.com/product/2610/ Microsoft Office XP http://secunia.com/product/23/ Microsoft Outlook 2000 http://secunia.com/product/33/ Microsoft Outlook 2002 http://secunia.com/product/34/ Microsoft PowerPoint 2000 http://secunia.com/product/3052/ Microsoft PowerPoint 2002 http://secunia.com/product/2223/ Microsoft Word 2000 http://secunia.com/product/2149/ Microsoft Word 2002 http://secunia.com/product/2150/ Microsoft Works Suite 2001 http://secunia.com/product/2145/ Microsoft Works Suite 2002 http://secunia.com/product/2144/ Microsoft Works Suite 2003 http://secunia.com/product/2143/ Microsoft Works Suite 2004 http://secunia.com/product/3897/ Microsoft Works Suite 2005 http://secunia.com/product/8711/ Microsoft Works Suite 2006 http://secunia.com/product/8712/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) An error in Excel when processing files with a malformed range can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file. 2) An error in Office when processing documents containing a specially crafted "routing slip" can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a malicious document. 3) An error in Excel when processing a malformed parsing format file can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file. 4) An error in Excel when processing a malformed description can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file. 5) An error in Excel when processing malformed graphics can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file. 6) An error in Excel when processing malformed records can be exploited to corrupt memory and allows execution of arbitrary code on a user's system when viewing a specially crafted Excel file. SOLUTION: Apply patches. Microsoft Word 2000 (requires Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4 Microsoft Excel 2000 (requires Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=C9433440-31EF-4C18-A0C7-B595EA23F6FC Microsoft Outlook 2000 (requires Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=2B231231-AC83-4688-9C8D-DCDCB544FB3C Microsoft PowerPoint 2000 (requires Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=F24D4BD0-4771-4688-B52A-02D4EABB1574 Microsoft Office 2000 MultiLanguage Packs (requires Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=0AAA1700-766F-4979-B51F-AAA0A24EF2E8 Microsoft Word 2002 (requires Office XP SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en Microsoft Excel 2002 (requires Office XP SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=643337C7-8A47-4FA3-AB58-7A916B33607D&displaylang=en Microsoft Outlook 2002 (requires Office XP SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0D4441-4F88-4B59-A4F3-6FB558EF8135 Microsoft PowerPoint 2002 (requires Office XP SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=C74CB45B-CF92-4EFC-8DBE-DBF4BDEBE215 Microsoft Office XP Multilingual User Interface Packs (requires Office XP SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=589D9ABB-6308-4208-881C-CE58D6972E1F&displaylang=en Microsoft Excel 2003 (requires Office 2003 SP1/SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=AC22F83A-B409-4469-984E-6C19D8F5FE41&displaylang=en Microsoft Excel 2003 Viewer (requires Office 2003 SP1/SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=7DBADBD1-0542-475B-91B5-90DD2AF2C0FC&displaylang=en Microsoft Works Suite 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en Microsoft Works Suite 2001: http://www.microsoft.com/downloads/details.aspx?FamilyId=CD2179FD-37F5-4D09-B653-0174651CF5E4&displaylang=en Microsoft Works Suite 2002: http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en Microsoft Works Suite 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en Microsoft Works Suite 2004: http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en Microsoft Works Suite 2005: http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en Microsoft Works Suite 2006: http://www.microsoft.com/downloads/details.aspx?FamilyId=8B98A5FE-7A26-45F0-8D28-C9618FA7A458&displaylang=en Microsoft Office X for Mac: http://www.microsoft.com/mac/ Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/ ORIGINAL ADVISORY: MS06-012 (KB905413): http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
