Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft Excel Credential Caching Vulnerability
Date Discovered: 08/12/2008
Severity: High
Applications Affected: Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP3
Microsoft Office System 2007
Microsoft Office System 2007 SP1
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer 2003 SP3
Microsoft Office Excel Viewer
Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Server 2007 SP1
Microsoft Office SharePoint Server 2007 x64
Microsoft Office SharePoint Server 2007 x64 SP1
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Synopsis
Microsoft Excel is prone to a Credential Caching vulnerability. Microsoft Excel does not properly delete the password string when the .xlsx file is configured to not save remote data session password.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-043.mspx
Threat Analysis
This vulnerability exists in Excel 2007 when data connections are made to a remote data sources. An attacker could exploit the vulnerability to gain access to a secured remote data source by opening an .xlsx file that had been explicitly configured not to store credentials to the remote data source.

This vulnerability requires that an attacker access a file that has been previously saved by an authorized user to a data source that is password protected. An attacker who successfully exploited this vulnerability could gain access to data that is password protected on a remote data source.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3003

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map