Microsoft Excel索引验证远程代码执行漏洞（MS08-043）

BUGTRAQ ID: 30638 CVECAN ID: CVE-2008-3004 Excel是Microsoft Office办公软件套件中的电子表格工具。 Excel在将Excel文件加载到内存时没有正确地验证电子表格内嵌图表中的AxesSet记录，如果XLS文件中包含有越界的数组值的话，则用户受骗打开了该文件的话就可能触发内存破坏，导致执行任意指令。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP3 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Exc...

Microsoft Excel凭据缓存漏洞（MS08-043）

BUGTRAQ ID: 30641 CVECAN ID: CVE-2008-3003 Excel是Microsoft Office办公软件套件中的电子表格工具。 Excel在实现访问认证时存在漏洞，如果.xlsx文件配置为不保存远程数据会话口令的话，Excel就无法正确地从connections.xml删除PWD字符串，这允许用户获得敏感信息并获得对远程数据源的访问。 Microsoft Excel 2007 SP1 Microsoft Excel 2007 Microsoft Office 2008 for Mac 临时解决方法： 在.xlsx文件内编辑connections...

Microsoft Excel FORMAT记录无效数组索引漏洞（MS08-043）

BUGTRAQ ID: 30639 CVECAN ID: CVE-2008-3005 Excel是Microsoft Office办公软件套件中的电子表格工具。 Excel没有正确地处理电子表格中的FORMAT记录，如果电子表格中包含有越界数组索引的话，则打开该文件就会导致Excel向栈内存的任意位置写入一个字节，成功利用这个漏洞允许以当前登录用户的权限执行任意指令。 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac...

MS08-043: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

The remote host is running a version of Microsoft Excel that is subject to various flaws that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have i...

Microsoft Excel Axisparent Record Index Handling Code Execution (MS08-043; CVE-2008-3004)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel handles index values. The vulnerability is due to an error in Microsoft Excel that fails to properly validate index values when loading Excel files into memor...