|
|
|
|
| |
Credit:
The information has been provided by ZDI Disclosures.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-09-040
|
| |
Vulnerable Systems:
* Microsoft Office Excel 2007 and prior
The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. When Excel 2007 encounters a malformed Qsir record (0x806) user data is improperly handled leading to potential code execution. Successful exploitation of this can lead to a remote compromise of the affected system running under the credentials of the currently logged in user.
Patch Availability:
Excel 2007 (all editions): Excel Viewer, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats http://office.microsoft.com/en-us/downloads/default.aspx
CVE Information:
CVE-2009-1134
Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/bulletin/MS09-021.mspx
Disclosure Timeline:
2009-03-26 - Vulnerability reported to vendor
2009-06-10 - Coordinated public release of advisory
|
|
|
|
|
