Microsoft Excel Header Parsing Remote Code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	03/11/2008
Severity:	High
Applications Affected:	Microsoft Office 2000 SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP2 Microsoft Office 2007 System Microsoft Office Excel Viewer 2003 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac

Synopsis

A remote code execution vulnerability exists in the way Excel handles macros when opening specially crafted Excel files, caused improper handling of macro information within Excel files.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx

Threat Analysis

Microsoft Excel is prone to a remote code-execution vulnerability. This issue is caused by a memory corruption error when handling header information, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel file.

By persuading a victim to open a specially-crafted Excel file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081
http://www.securityfocus.com/bid/27305

Write-up by: Aditya Chaturvedi

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |