|
|
|
|
| |
Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx
|
| |
Affected Software:
Office Suite and Other Software - Maximum Security Impact - Aggregate Severity Rating - Bulletins Replaced by this Update
* Microsoft Office 2000 Service Pack 3 (KB947361) - Remote Code Execution - Critical - MS07-025
* Microsoft Office XP Service Pack 3 (KB947866) - Remote Code Execution - Important - MS07-025
* Microsoft Office 2003 Service Pack 2 (KB947355) - Remote Code Execution - Important - None
* Microsoft Office Excel Viewer 2003 (KB947355) and Microsoft Office Excel Viewer 2003 Service Pack 3 (KB947355) - Remote Code Execution - Important - None
* Microsoft Office 2004 for Mac (KB949357) - Remote Code Execution - Important - MS08-013
Non-Affected Software:
* Microsoft Office 2003 Service Pack 3
* Microsoft PowerPoint Viewer 2003
* Microsoft Visio 2002 Service Pack 2
* Microsoft Visio 2003 Viewer
* Microsoft Word Viewer 2003
* Microsoft Project 2000 Service Pack 1
* Microsoft Project 2002 Service Pack 2
* 2007 Microsoft Office System
* 2007 Microsoft Office System Service Pack 1
* Microsoft Office 2008 for Mac
Microsoft Office Cell Parsing Memory Corruption Vulnerability - CVE-2008-0113
A remote code execution vulnerability exists in the way Microsoft Office handles specially crafted Excel files. An attacker could exploit the vulnerability by creating a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
CVE Information:
CVE-2008-0113
Microsoft Office Memory Corruption Vulnerability - CVE-2008-0118
A remote code execution vulnerability exists in the way Microsoft Office processes malformed Office files. An attacker could exploit the vulnerability by creating a malformed Office file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
CVE Information:
CVE-2008-0118
|
|
|
|
|
