Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763
Vulnerable Systems:
* Office 2000 SP3 fully patched as of July 2008.
This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation.
iDefense's proof-of-concept code can redirect program execution flow to a user-controllable address on Excel 2000 SP3, and crashes other versions of Excel, including Excel XP SP3, Excel 2003 SP3 and Excel 2007 SP1.
Analysis:
Exploitation allows an attacker to execute arbitrary code in the context of the currently logged-on user. To exploit this vulnerability, the attacker must persuade a user to open a specially crafted Excel (XLS) document.
Likely attack vectors include sending the file as an e-mail attachment or linking to the file on a website. By default, systems with Office 2000 installed will open Office documents, including Excel spreadsheet files, from websites without prompting the user. This allows attackers to exploit this vulnerability without user interaction. Later versions of Office do not open these documents automatically unless the user has chosen this behavior.
Using the Office Document Open Confirmation Tool for Office 2000 can prevent Office files from opening automatically from web sites. Use of this tool is highly recommended for users still using Office 2000.
Vendor response:
Microsoft Corp. has released a patch which addresses this issue. For more information, consult their advisory at the following URL:
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
CVE Information:
CVE-2008-4265
Disclosure timeline:
07/21/2008 - Initial Vendor Notification
07/22/2008 - Initial Vendor Reply
07/24/2008 - Additional Vendor Feedback
12/09/2008 - Coordinated Public Disclosure