|
|
|
Credit:
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=901
|
|
Vulnerable Systems:
* Microsoft Excel 2002 SP3
* Microsoft Excel 2003 SP3
* Microsoft Office 2004 for Mac
* Microsoft Office 2008 for Mac
* Microsoft Open XML File Format Converter for Mac
Immune Systems:
N/A
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user.
The vulnerability occurs when Excel parses a specially crafted Excel file. Specific values within this file can trigger a memory corruption vulnerability and may allow arbitrary code execution.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user opening the file. To exploit this vulnerability, an attacker needs to convince a user to open a malicious file. Attackers typically accomplish this by e-mailing a targeted user the file or hosting the file on a Web page.
Patch Availability:
Microsoft Corp. has released patches which address this issue.
Information about downloadable vendor updates can be found by clicking on the URL shown below:
http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx
CVE Information:
CVE-2011-0103
Disclosure Timeline:
09/09/2010 Initial Vendor Notification
09/09/2010 Initial Vendor Reply
04/12/2011 Coordinated Public Disclosure
|
|
|
|