Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2009-0558 to a friend New vulnerability? New tool? Tell us	CVE-2009-0558 Microsoft Excel Record Parsing Array Indexing Vulnerability (MS09-021)     Credit: The information has been provided by Carsten Eiram. The original article can be found at: http://secunia.com/secunia_research/2009-1/ Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2009-0558 Details Check for CVE-2009-0558 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Microsoft Office Excel 2000  * Microsoft Office Excel 2002  * Microsoft Office Excel 2003  * Microsoft Office Excel 2007  * Microsoft Office 2004 for Mac  * Microsoft Office 2008 for Mac  * Open XML File Format Converter for Mac  * Microsoft Office Excel Viewer  * Microsoft Office Compatibility Pack This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying the way that Excel parses Excel files. Patch Availability: http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx CVE Information: CVE-2009-0558 Disclosure Timeline: 06/01/2009 - Vendor notified. 07/01/2009 - Vendor response. 08/01/2009 - Additional information provided to the vendor. 08/01/2009 - Vendor response. 19/02/2009 - Vendor provides status update. 24/04/2009 - Vendor provides status update. 22/05/2009 - Vendor provides status update. 09/06/2009 - Public disclosure.  Comments on CVE-2009-0558:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®