|
|
|
|
| |
Credit:
The original article can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
|
| |
Affected Software:
Microsoft Office 2000 Service Pack 3
Microsoft Word 2000 - Download the update (KB905553)
Microsoft Excel 2000 - Download the update (KB905757)
Microsoft Outlook 2000 - Download the update (KB905646)
Microsoft PowerPoint 2000 - Download the update (KB905555)
Microsoft Office 2000 MultiLanguage Packs Download the update (KB905646)
Microsoft Office XP Service Pack 3
Microsoft Word 2002 - Download the update (KB905754)
Microsoft Excel 2002 - Download the update (KB905755)
Microsoft Outlook 2002 - Download the update (KB905649)
Microsoft PowerPoint 2002 - Download the update (KB905758)
Microsoft Office XP Multilingual User Interface Packs Download the update (KB905649)
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft Excel 2003 - Download the update (KB905756)
Microsoft Excel 2003 Viewer - Download the update (KB914451)
Microsoft Works Suites:
Microsoft Works Suite 2000 - (same as Microsoft Word 2000 update)
Microsoft Works Suite 2001 - (same as Microsoft Word 2000 update)
Microsoft Works Suite 2002 - (same as the Microsoft Word 2002 update)
Microsoft Works Suite 2003 - (same as the Microsoft Word 2002 update)
Microsoft Works Suite 2004 - (same as the Microsoft Word 2002 update)
Microsoft Works Suite 2005 - (same as the Microsoft Word 2002 update)
Microsoft Works Suite 2006 - (same as the Microsoft Word 2002 update)
Microsoft Office X for Mac - Download the update
Microsoft Excel X for Mac
Microsoft Office 2004 for Mac - Download the update
Microsoft Excel 2004 for Mac
Non-Affected Software:
Microsoft Office Excel 2000 Viewer
Microsoft Office Excel 2002 Viewer
Microsoft Word 2003
Microsoft Outlook 2003
Microsoft PowerPoint 2003
Microsoft Office Excel Remote Code Execution Using a Malformed Range Vulnerability - CVE-2005-4131:
A remote code execution vulnerability exists in Excel using a malformed range. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Mitigating Factors for Microsoft Office Excel Remote Code Execution Using a Malformed Range Vulnerability - CVE-2005-4131:
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* When running Office XP or Office 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
* On Office XP and Office 2003, this vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
FAQ for Microsoft Office Excel Remote Code Execution Using a Malformed Range Vulnerability - CVE-2005-4131:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
What causes the vulnerability?
When Excel opens a specially crafted Excel using a malformed range, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
What does the update do?
The update removes the vulnerability by modifying the way that Excel validates the length of a message before it passes the message to the allocated buffer.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
Yes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2005-4131. It also has been named Excel eBay Vulnerability by the larger security community.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
Microsoft Office Excel Remote Code Execution Using a Malformed File Format Parsing Vulnerability - CVE-2006-0028:
A remote code execution vulnerability exists in Excel using a malformed parsing format file. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Mitigating Factors for Microsoft Office Excel Remote Code Execution using a Malformed File Format Parsing Vulnerability - CVE-2006-0028:
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
When running Office XP or Office 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
On Office XP and Office 2003, this vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Workarounds for Microsoft Office Excel Remote Code Execution using a Malformed File Format Parsing Vulnerability - CVE-2006-0028:
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Do not open or save Microsoft Excel files that you receive from un-trusted sources.
This vulnerability could be exploited when a user opens a file.
FAQ for Microsoft Office Excel Remote Code Execution using a Malformed File Format Parsing Vulnerability - CVE-2006-0028:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
What causes the vulnerability?
When Excel opens a specially crafted Excel file using malformed parsing format file, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
What does the update do?
The update removes the vulnerability by modifying the way that Excel validates the length of a message before it passes the message to the allocated buffer.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
Microsoft Office Excel Remote Code Execution Using a Malformed Description Vulnerability - CVE-2006-0029:
A remote code execution vulnerability exists in Excel using a malformed description. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Mitigating Factors for Microsoft Office Excel Remote Code Execution Using a Malformed Description Vulnerability - CVE-2006-0029:
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* When running Office XP or Office 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
* On Office XP and Office 2003, this vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Workarounds for Microsoft Office Excel Remote Code Execution Using a Malformed Description Vulnerability - CVE-2006-0029:
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Do not open or save Microsoft Excel files that you receive from un-trusted sources.
This vulnerability could be exploited when a user opens a file.
FAQ for Microsoft Office Excel Remote Code Execution Using a Malformed Description Vulnerability - CVE-2006-0029:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
What causes the vulnerability?
When Excel opens a specially crafted Excel file using a malformed description, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
What does the update do?
The update removes the vulnerability by modifying the way that Excel validates the length of a message before it passes the message to the allocated buffer.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
Microsoft Office Excel Remote Code Execution Using a Malformed Graphic Vulnerability - CVE-2006-0030 :
A remote code execution vulnerability exists in Excel using malformed graphic. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Mitigating Factors for Microsoft Office Excel Remote Code Execution Using a Malformed Graphic Vulnerability - CVE-2006-0030:
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* When running Office XP or Office 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
* On Office XP and Office 2003, this vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Workarounds for Microsoft Office Excel Remote Code Execution Using a Malformed Graphic Vulnerability - CVE-2006-0030:
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Do not open or save Microsoft Excel files that you receive from un-trusted sources.
This vulnerability could be exploited when a user opens a file.
FAQ for Microsoft Office Excel Remote Code Execution Using a Malformed Graphic Vulnerability - CVE-2006-0030:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
What causes the vulnerability?
When Excel opens a specially crafted Excel file using a malformed graphic, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
What does the update do?
The update removes the vulnerability by modifying the way that Excel validates the length of a message before it passes the message to the allocated buffer.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
Yes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure numberCVE-2006-0030
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
Microsoft Office Excel Remote Code Execution Using a Malformed Record Vulnerability - CVE-2006-0031:
A remote code execution vulnerability exists in Excel using a malformed record. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Mitigating Factors for Microsoft Office Excel Remote Code Execution Using a Malformed Record Vulnerability - CVE-2006-0031:
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* When running Office XP or Office 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
* On Office XP and Office 2003, this vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Workarounds for Microsoft Office Excel Remote Code Execution Using a Malformed Record Vulnerability - CVE-2006-0031:
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Do not open or save Microsoft Excel files that you receive from un-trusted sources.
This vulnerability could be exploited when a user opens a file.
FAQ for Microsoft Office Excel Remote Code Execution Using a Malformed Record Vulnerability - CVE-2006-0031:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
What causes the vulnerability?
When Excel opens a specially crafted Excel file using a malformed record, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
What does the update do?
The update removes the vulnerability by modifying the way that Excel validates the length of a message before it passes the message to the allocated buffer.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability - CVE-2006-0009:
A remote code execution vulnerability exists in Office. An attacker could exploit the vulnerability by constructing a specially crafted routing slip within an Office document that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Mitigating Factors for Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability - CVE-2006-0009:
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* On Office XP and Office 2003, this vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
* When running Office XP or Office 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message
Workarounds for Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability - CVE-2006-0009:
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Do not open or save Microsoft Office files that you receive from un-trusted sources.
This vulnerability could be exploited when a user opens a file.
FAQ for Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability - CVE-2006-0009:
What is the scope of the vulnerability?
A remote code execution vulnerability exists in Office. An attacker could exploit the vulnerability by constructing a specially crafted routing slip within an Office document that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
What causes the vulnerability?
When Office opens a crafted routing slip within an Office document, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
What is a routing slip?
Microsoft Office applications have the ability to add a "routing slip" to an Office document. Document Routing facilitates the flow of information among a group of users. With Document Routing features as part of a client application, a user can route any type of file to co-workers by attaching it to an e-mail message. It can be sent either to one person at a time or to the group simultaneously. This feature works the same as the File Send option in Office applications, using the same dialogs
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
What does the update do?
The update removes the vulnerability by modifying the way that Office validates the length of data in the file before it passes the file to the allocated buffer.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
|
|
|
|
|
