Microsoft Excel畸形BIFF记录远程代码执行漏洞(MS09-067)

Bugraq ID: 36946
CVE ID：CVE-2009-3130

Microsoft Excel是一款微软开发的电子表格处理程序。
Microsoft Office Excel存在一个远程代码执行漏洞，如果用户打开一个特殊构建的包含畸形的BIFF记录的Excel文件可允许远程代码执行。
成功利用此漏洞允许完全控制受影响系统，攻击者成功利用此漏洞可以以内核权限安装程序；查看，更改或删除数据等。

Microsoft Open XML File Format Converter for Mac
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
Microsoft Excel 2002 SP3
Microsoft Excel 2002 SP2
Microsoft Excel 2002 SP1
Microsoft Excel 2002
用户可参考如下微软提供的安全补丁：
Microsoft Open XML File Format Converter for Mac 0
Microsoft Open XML File Format Converter for Mac 1.1.3
http://www.microsoft.com/downloads/details.aspx?FamilyID=4dd4bc05-1217 -497e-8f65-4347f2544ed6
Microsoft Office 2008 for Mac 0
Microsoft Microsoft Office 2008 for Mac 12.2.3 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=b84fe57d-ddda -451e-9ead-69e10aee7928
Microsoft Excel 2002 SP3
Microsoft Security Update for Microsoft Excel 2002 (KB973471)
http://www.microsoft.com/downloads/details.aspx?familyid=5672c8fc-8509 -4962-ad86-ebc0f2575043
Microsoft Office 2004 for Mac 0
Microsoft Microsoft Office 2004 for Mac 11.5.6 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=8f115b1c-1e28 -4ecf-937c-99c4b60c7c8e