|
|
|
|
| |
| A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. |
| |
Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx
|
| |
Vulnerable Systems:
* Microsoft Office 2000 Software Service Pack 3 - Download the update (KB873372)
* Microsoft Office XP Software Service Pack 2 - Download the update (KB873366)
* Microsoft Office 2001 for Mac - Download the update
* Microsoft Office v. X for Mac - Download the update
Immune Systems:
* Microsoft Office XP Service Pack 3
* Microsoft Office Excel 2003
* Microsoft Office 2003 Service Pack 1
* Microsoft Excel 2004 for Mac
CVE Information:
CAN-2004-0846
A remote code execution vulnerability exists in Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system.
Mitigating Factors for Excel Vulnerability
* In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. At this point a user could be exploited.
* An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
* The vulnerability can not be exploited automatically through e-mail. For an attack to be successful through e-mail, a user must open an attachment that is sent in an e-mail message.
* Excel 2001 for Mac users and Excel v. X for Mac users are prompted to download an Excel file before they open it. Therefore, a user may not be exploited by an attacker upon an initial visit to a web site.
* Office XP Service Pack 3 is not affected by this vulnerability.
* Office 2003 and Office 2003 Service Pack 1 are not affected by this vulnerability.
* Excel 2004 for Mac is not affected by this vulnerability.
FAQ for Excel Vulnerability
What is the scope of the vulnerability ?
This is a remote code execution vulnerability. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
How could an attacker exploit the vulnerability ?
An attacker could host a malicious Excel file on a web site and persuade a user to click a link to the file. The file could then be executed allowing the attacker to execute code of their choice. An attacker could also attempt to exploit the vulnerability by sending a specially crafted file in email.
What systems are primarily at risk from the vulnerability ?
Workstations and terminal servers are primarily at risk. Servers are only at risk if users who do not have sufficient administrative credentials are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
Are all versions of Office and Excel affected by this vulnerability ?
No. Office XP Service Pack 3, Office 2003 and Excel 2003, Office 2003 Service Pack 1, and Excel 2004 for Mac are not affected.
When this security bulletin was issued, had this vulnerability been publicly disclosed ?
No. Microsoft received information about this vulnerability through responsible disclosure.
What does the update do ?
The patch removes the vulnerability by making sure that Excel correctly validates parameters when it opens an Excel file.
|
|
|
|
|
|
|
