Content

(MS09-067) Excel Formula Parsing Memory Corruption Vulnerability (972652)

Type
Buffer Overflow
Impact of exploitation
Remote Code Execution
User Interaction
user interaction is needed
Attack Vector
Maliciously Crafted File
Rating
Medium
CVE reference
CVE-2009-3131,
Vendor Status
Responded and patched
Vulnerable systems
Excel  2002 SP3,
Excel  2003 SP3,
Excel 2007  SP2,
Office for Mac  2004,
Office for Mac  2008,
Excel Viewer  2003 SP3,
Compatibility Pack Word Excel Powerpoint 2007  ,
Summary
A flaw exists when Microsoft Office Excel parses documents containing a specially crafted formula embedded inside a cell. This can result in a remote compromise of the system under the context of the currently logged on user.

Tab Navigation

Description

A flaw exists when Microsoft Office Excel parses documents containing a specially crafted formula embedded inside a cell. This can result in a remote compromise of the system under the context of the currently logged on user. ? The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message. ? An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-067) Excel Formula Parsing Memory Corruption Vulnerability (972652)
Signature identifier:
7323
Release date:
11/10/2009

Additional Resources

(MS09-067) Excel Formula Parsing Memory Corruption Vulnerability (972652)

http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

All Information

Timeline -

11/10/2009

Vendor has provided a patch.

Description -

A flaw exists when Microsoft Office Excel parses documents containing a specially crafted formula embedded inside a cell. This can result in a remote compromise of the system under the context of the currently logged on user. ? The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message. ? An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-067) Excel Formula Parsing Memory Corruption Vulnerability (972652)
Signature identifier:
7323
Release date:
11/10/2009

Additional Resources

Additional Resources -

(MS09-067) Excel Formula Parsing Memory Corruption Vulnerability (972652)

http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx