Check: 2011-A-0086
Windows 7 IAVM: 2011-A-0086 (in version v1 r32)
Title
Microsoft Excel Remote Code Execution Vulnerabilities (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing multiple vulnerabilities affecting Microsoft Excel. To exploit these vulnerabilities, an attacker would entice a user to open a malicious Excel file hosted on a web site or sent via email. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code and compromise affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.

Excel Insufficient Record Validation Vulnerability - CVE-2011-1272: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. The vulnerability is caused when Microsoft Excel insufficiently validates Excel record structures while parsing specially crafted Excel files.

Excel Improper Record Parsing Vulnerability - CVE-2011-1273: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code.

Excel Out of Bounds Array Access Vulnerability - CVE-2011-1274: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code.

Excel Memory Heap Overwrite Vulnerability - CVE-2011-1275: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code.

Excel Buffer Overrun Vulnerability - CVE-2011-1276: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code.

Excel Memory Corruption Vulnerability - CVE-2011-1277: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code.

Excel WriteAV Vulnerability - CVE-2011-1278: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code.

Excel Out of Bounds WriteAV Vulnerability - CVE-2011-1279: A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code.
Check Content
See IAVM notice and Microsoft Bulletin MS11-045 (2537146) for additional information.

Vulnerable Applications/Systems:

Microsoft Office Suites and Components
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2 [1]
- Microsoft Office 2010 (x86 and x64)

Other Microsoft Office Software
- Microsoft Excel Viewer SP2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2

[1] For Microsoft Office Excel 2007 Service Pack 2, in addition to security update package KB2541007, customers also need to install the security update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 (KB2541012) to be protected from the vulnerabilities described in this bulletin.

File | Product | Version |
---|---|---|
Excel.exe | Excel 2002 | 10.0.6871.0 |
Excel.exe | Excel 2003 | 11.0.8335.0 |
Excel.exe | Excel 2007 | 12.0.6557.5000 |
Excel.exe | Excel 2010 | 14.0.5138.5000 |
Xlview.exe | Excel Viewer | 12.0.6557.5000 |
Excelcnv.exe | Office Compatibility Pack | 12.0.6557.5000 |
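
The file-version comparison implied by the Check Content, as an added PowerShell example that is not part of the original check. It assumes the listed versions are the minimum patched builds and that Office is installed under the default `Microsoft Office` folder in Program Files; the function names are hypothetical.

```powershell
# Thresholds copied from the Check Content section, keyed by file name and major version.
# Assumption: each listed value is the minimum patched file version for that product.
$Thresholds = @{
    'excel.exe'    = @{ 10 = '10.0.6871.0'; 11 = '11.0.8335.0'
                        12 = '12.0.6557.5000'; 14 = '14.0.5138.5000' }
    'xlview.exe'   = @{ 12 = '12.0.6557.5000' }
    'excelcnv.exe' = @{ 12 = '12.0.6557.5000' }
}

# Hypothetical helper: classify one file version as Patched, Open or NotCovered.
function Test-ExcelFileVersion {
    param(
        [Parameter(Mandatory=$true)][string]$FileName,
        [Parameter(Mandatory=$true)][version]$FileVersion
    )
    $byMajor = $Thresholds[$FileName.ToLowerInvariant()]
    if (-not $byMajor -or -not $byMajor.ContainsKey($FileVersion.Major)) {
        return 'NotCovered'   # file or product line is not listed in this check
    }
    if ($FileVersion -ge [version]$byMajor[$FileVersion.Major]) { 'Patched' } else { 'Open' }
}

# Hypothetical helper: find the three binaries under the given roots and classify each.
function Get-ExcelIavmFinding {
    param([string[]]$Root)
    foreach ($r in $Root) {
        if (-not $r -or -not (Test-Path $r)) { continue }
        Get-ChildItem -Path $r -Recurse -Include @($Thresholds.Keys) -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                # Build the version from numeric parts; the FileVersion string can carry extra text.
                $vi  = $_.VersionInfo
                $ver = New-Object System.Version -ArgumentList $vi.FileMajorPart,
                           $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
                New-Object PSObject -Property @{
                    Path = $_.FullName; Version = $ver
                    Status = Test-ExcelFileVersion -FileName $_.Name -FileVersion $ver
                }
            }
    }
}

# Assumed default install roots (32-bit and 64-bit Program Files).
$roots = $env:ProgramFiles, ${env:ProgramFiles(x86)} |
    ForEach-Object { if ($_) { Join-Path $_ 'Microsoft Office' } }
Get-ExcelIavmFinding -Root $roots | Select-Object Status, Version, Path

# Constructed sample versions (not from a real host) exercising each outcome.
Test-ExcelFileVersion -FileName 'EXCEL.EXE' -FileVersion '12.0.6545.5000'
Test-ExcelFileVersion -FileName 'EXCEL.EXE' -FileVersion '14.0.5138.5000'
Test-ExcelFileVersion -FileName 'XLVIEW.EXE' -FileVersion '11.0.8173.0'
```

Per footnote [1], an Excel 2007 host needs both Excel.exe and Excelcnv.exe at or above the listed version, so review every row the scan returns rather than only the Excel.exe result.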
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-28583
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |