VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities
I. BACKGROUND ---------------------
"Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share information to make more informed decisions. With the Microsoft Office Fluent user interface, rich data visualization, and PivotTable views, professional-looking charts are easier to create and use." from microsoft.com
II. DESCRIPTION ---------------------
VUPEN Vulnerability Research Team discovered four critical vulnerabilities affecting Microsoft Office Excel.
These vulnerabilities are caused by memory corruptions, invalid index, and invalid pointer errors when processing malformed Excel documents, which could allow attackers to execute arbitrary code via a specially crafted XLS file.
VUPEN-SR-2008-10 - Microsoft Office Excel Records Parsing Memory Corruption VUPEN-SR-2008-09 - Microsoft Office Excel Index Parsing Memory Corruption VUPEN-SR-2008-08 - Microsoft Office Excel Formula Parsing Memory Corruption VUPEN-SR-2008-07 - Microsoft Office Excel Document Processing Heap Overflow
Code execution exploits and PoCs have been developed by VUPEN Security and are available with the in-depth binary analysis of the flaws through the VUPEN Exploits & PoCs Service.
V. SOLUTION ----------------
Apply MS09-067 patches : http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx
VI. CREDIT --------------
The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security
VUPEN is a leading provider of vulnerability analysis and alerts, and commercial-grade exploits which enable corporations and institutions to eliminate vulnerabilities before they can be exploited by attackers, to ensure security policy compliance, and meaningfully measure and manage risks.
VUPEN also provides research services for security vendors (antivirus, IDS, IPS, vulnerability scanning, etc) to supplement their internal vulnerability research efforts and quickly develop vulnerability-based signatures, rules, and filters, and proactively protect their customers against potential threats.
http://www.vupen.com/english/research.php http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3131 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3132 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3133