Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2008-4019 to a friend New vulnerability? New tool? Tell us	CVE-2008-4019 Vulnerabilities in Microsoft Excel Allows Code Execution (MS08-057)     Credit: The information has been provided by Microsoft Product Security. The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2008-4019 Details Check for CVE-2008-4019 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Affected Software:  * Microsoft Office 2000 Service Pack 3 - Excel 2000 Service Pack 3 (KB955461) - Remote Code Execution - Critical - MS08-043  * Microsoft Office XP Service Pack 3 - Excel 2002 Service Pack 3 (KB955464) - Remote Code Execution - Important - MS08-043  * Microsoft Office 2003 Service Pack 2 - Excel 2003 Service Pack 2 (KB955466) - Remote Code Execution - Important - MS08-043  * Microsoft Office 2003 Service Pack 3 - Excel 2003 Service Pack 3 (KB955466) - Remote Code Execution - Important - MS08-043  * 2007 Microsoft Office System - Excel 2007 (KB955470) - Remote Code Execution - Important - MS08-043  * 2007 Microsoft Office System Service Pack 1 - Excel 2007 Service Pack 1 (KB955470) - Remote Code Execution - Important - MS08-043  * Microsoft Office Excel Viewer 2003 (KB955468) - Remote Code Execution - Important - MS08-043  * Microsoft Office Excel Viewer 2003 Service Pack 3 (KB955468) - Remote Code Execution - Important - MS08-043  * Microsoft Office Excel Viewer (KB955935) - Remote Code Execution - Important - MS08-043  * Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (KB955936) - Remote Code Execution - Important - MS08-043  * Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 (KB955936) - Remote Code Execution - Important - MS08-043  * Microsoft Office SharePoint Server 2007* (KB955937) - Remote Code Execution - Important - MS08-043  * Microsoft Office SharePoint Server 2007 Service Pack 1* (KB955937) - Remote Code Execution - Important - MS08-043  * Microsoft Office SharePoint Server 2007 x64 Edition* (KB955937) - Remote Code Execution - Important - MS08-043  * Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1* (KB955937) - Remote Code Execution - Important - MS08-043  * Microsoft Office 2004 for Mac (KB958312) - Remote Code Execution - Important - MS08-043  * Microsoft Office 2008 for Mac (KB958267) - Remote Code Execution - Important - MS08-043  * Open XML File Format Converter for Mac (KB958304) - Remote Code Execution - Important - None *This update applies to servers that have Excel Services installed, such as the default configuration of Microsoft Office SharePoint Server 2007 Enterprise and Microsoft Office SharePoint Server 2007 For Internet Sites. Microsoft Office SharePoint Server 2007 Standard does not include Excel Services. Non-Affected Software:  * Microsoft Works 8.0  * Microsoft Works 8.5  * Microsoft Works 9.0  * Microsoft Works Suite 2005  * Microsoft Works Suite 2006  * Microsoft Office SharePoint Server 2003 Service Pack 3 Calendar Object Validation Vulnerability - CVE-2008-3477 A remote code execution vulnerability exists in the way Excel processes a VBA Performance Cache. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file in a VBA Performance Cache. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE Information: CVE-2008-3477 File Format Parsing Vulnerability - CVE-2008-3471 A remote code execution vulnerability exists in Microsoft Excel as a result of improper memory allocation when loading Excel objects. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE Information: CVE-2008-3471 Formula Parsing Vulnerability - CVE-2008-4019 The specific flaw exists when parsing Microsoft Excel documents containing a specially crafted formula embedded inside a cell. This can result in a remote compromise of the system under the context of the currently logged in user. CVE Information: CVE-2008-4019  Comments on CVE-2008-4019:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®