Content

(MS09-067) Excel Document Parsing Memory Corruption Vulnerability (972652)

Type
Buffer Overflow
Impact of exploitation
Privilege Escalation
User Interaction
user interaction is needed
Attack Vector
Maliciously Crafted File
Rating
Medium
CVE reference
CVE-2009-3133,
Vendor Status
Responded and patched
Vulnerable systems
Excel  2002 SP3,
Office for Mac  2004,
Office for Mac  2008,
Open XML File Format Converter for Mac  1.0,
Summary
A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object.

Tab Navigation

Description

A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ? The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message. ? An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-067) Excel Document Parsing Memory Corruption Vulnerability (972652)
Signature identifier:
7325
Release date:
11/10/2009

Additional Resources

(MS09-067) Excel Document Parsing Memory Corruption Vulnerability (972652)

http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

All Information

Timeline -

11/10/2009

Vendor has provided a patch.

Description -

A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ? The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message. ? An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-067) Excel Document Parsing Memory Corruption Vulnerability (972652)
Signature identifier:
7325
Release date:
11/10/2009

Additional Resources

Additional Resources -

(MS09-067) Excel Document Parsing Memory Corruption Vulnerability (972652)

http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx