VUPEN Security Research - Microsoft Office Excel Code Execution
Vulnerabilities
http://www.vupen.com/english/research.php
I. BACKGROUND ---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views, professional-looking
charts are easier to create and use." from microsoft.com
II. DESCRIPTION ---------------------
VUPEN Vulnerability Research Team discovered four critical vulnerabilities
affecting Microsoft Office Excel.
These vulnerabilities are caused by memory corruptions, invalid index,
and invalid pointer errors when processing malformed Excel documents,
which could allow attackers to execute arbitrary code via a specially
crafted XLS file.
VUPEN-SR-2008-10 - Microsoft Office Excel Records Parsing Memory Corruption
VUPEN-SR-2008-09 - Microsoft Office Excel Index Parsing Memory Corruption
VUPEN-SR-2008-08 - Microsoft Office Excel Formula Parsing Memory Corruption
VUPEN-SR-2008-07 - Microsoft Office Excel Document Processing Heap Overflow
Code execution exploits and PoCs have been developed by VUPEN Security
and are available with the in-depth binary analysis of the flaws
through the VUPEN Exploits & PoCs Service.
V. SOLUTION ----------------
Apply MS09-067 patches :
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx
VI. CREDIT --------------
The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security
VUPEN is a leading provider of vulnerability analysis and alerts,
and commercial-grade exploits which enable corporations and institutions
to eliminate vulnerabilities before they can be exploited by attackers,
to ensure security policy compliance, and meaningfully measure and manage
risks.
VUPEN also provides research services for security vendors (antivirus,
IDS, IPS, vulnerability scanning, etc) to supplement their
internal vulnerability research efforts and quickly develop
vulnerability-based signatures, rules, and filters, and proactively
protect their customers against potential threats.
http://www.vupen.com/english/services
http://www.vupen.com/english/research.php
http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3133