(MS08-014) Microsoft Excel File Import Vulnerability (949029)

Content

(MS08-014) Microsoft Excel File Import Vulnerability (949029)

Type: Buffer Overflow
Impact of exploitation: Remote Code Execution
User Interaction: user interaction is needed
Attack Vector: Maliciously Crafted File
Rating: Medium
CVE reference: CVE-2008-0112,
Vendor Status: Responded and patched
Vulnerable systems: Excel 2000 SP3,; Office 2004 Mac,; Office 2008 for Mac,
Summary: A vulnerability in Microsoft Excel may allow for remote code-execution attacks. A user would have to open a malicious Excel file or visit a Web site hosting such a file for an attack to occur.

Tab Navigation

Description

Excel is an industry-standard spreadsheet application developed by Microsoft. A vulnerability in Microsoft Excel may allow for remote code-execution attacks. A specially crafted Excel file could trigger a flaw due to improper importation of malicious .slk files. A user would have to open a malicious Excel file or visit a Web site hosting such a file for an attack to occur.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (949029): http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:: (MS08-014) Microsoft Excel File Import Vulnerability (949029)
Signature identifier:: 5744
Release date:: 3/11/2008

McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:: HTTP: Microsoft Excel File Import Vulnerability
Signature identifier:: 0x40243C00
Release date:: 3/11/2008
First released in:: 4.1.22, 3.1.59

McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge

Signature:: Generic Buffer Overflow Protection
Signature identifier:: 428
Release date:: 8/24/2000

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Out of the box, VSE8.0i protects against many buffer overflow exploits. McAfee Avert Labs will update DAT coverage for this vulnerability as new threats emerge.

Signature:: Buffer Overflow Protection
Release date:: 8/30/2004
First released in:: Build 131

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Out of the box, VSE8.5i and ToPS SB protect against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:: Buffer Overflow Protection
Release date:: 11/29/2006
First released in:: Build 354

Additional Resources

Microsoft Security Bulletin: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

March 2008 MS08-014 Re-release

http://blogs.technet.com/msrc/archive/2008/03/19/march-2008-ms08-014-re-release.aspx

All Information

Timeline -

3/19/2008

The vendor has re-released a patch for Excel 2003 SP2 and SP3 to fix errors caused by the original patch.

3/11/2008

Vendor has provided a patch.

Description -

McAfee Product Mitigation & Recommendations

Recommendations -

Download and install the patch available from Microsoft (949029): http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:: (MS08-014) Microsoft Excel File Import Vulnerability (949029)
Signature identifier:: 5744
Release date:: 3/11/2008

McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:: HTTP: Microsoft Excel File Import Vulnerability
Signature identifier:: 0x40243C00
Release date:: 3/11/2008
First released in:: 4.1.22, 3.1.59

McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge

Signature:: Generic Buffer Overflow Protection
Signature identifier:: 428
Release date:: 8/24/2000

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Out of the box, VSE8.0i protects against many buffer overflow exploits. McAfee Avert Labs will update DAT coverage for this vulnerability as new threats emerge.

Signature:: Buffer Overflow Protection
Release date:: 8/30/2004
First released in:: Build 131

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Signature:: Buffer Overflow Protection
Release date:: 11/29/2006
First released in:: Build 354

Additional Resources

Additional Resources -

Microsoft Security Bulletin: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

March 2008 MS08-014 Re-release

http://blogs.technet.com/msrc/archive/2008/03/19/march-2008-ms08-014-re-release.aspx

McAfee > Theat Center > Vulnerability Detail Page

Navigation

Utility Navigation

Global Sites

Need Help?

Threat Center

Segment Navigation

Section Navigation

Content