|
|
| |
| A remotely exploitable vulnerability has been discovered in Microsoft Office Excel products. Specifically, the vulnerability is due to a design error encountered when parsing Excel files which contain malformed records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file. |
| |
Credit:
The information has been provided by TELUS Security Labs.
The original article can be found at: http://telussecuritylabs.com/threats/show/FSC20090609-01
|
| |
Vulnerable Systems:
* Microsoft Office Excel 2000
* Microsoft Office Excel 2002
A remote attacker can exploit the vulnerability by sending a malicious Excel file to the target system and enticing the target user to open it. A successful code execution attempt will result in the execution of arbitrary code within the security privileges of the currently logged in user. An unsuccessful attack attempt will result in abnormal termination of the Microsoft Office Excel application.
Patch Availability:
Microsoft has released a bulletin addressing this vulnerability. Reference: http://www.microsoft.com/technet/security/bulletin/MS09-021.mspx
Disclosure Timeline:
2008-12-23 Reported to vendor
2008-12-23 Initial vendor response
2009-06-09 Vendor disclosure
|
|
|
