Windows : Microsoft Bulletins : Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902727

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)

Zusammenfassung: This host is missing an important security update according to; Microsoft Bulletin MS11-072.

Beschreibung: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS11-072.

Vulnerability Insight:
The flaws are caused by memory corruption, array-indexing and use-after-free
errors when handling the crafted Excel files.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code
with the privileges of the user running the affected application.

Affected Software/OS:
- Microsoft Excel 2003 Service Pack 3

- Microsoft Excel 2007 Service Pack 2

- Microsoft Office 2007 Service Pack 2

- Microsoft Excel Viewer Service Pack 2

- Microsoft Excel 2010 Service Pack 1 and prior

- Microsoft Office 2010 Service Pack 1 and prior

- Microsoft Excel Services installed on Microsoft Office SharePoint Server 2007 Service Pack 2

- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1986
Cert/CC Advisory: TA11-256A
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Microsoft Security Bulletin: MS11-072
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12345
Common Vulnerability Exposure (CVE) ID: CVE-2011-1987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953
Common Vulnerability Exposure (CVE) ID: CVE-2011-1988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836
Common Vulnerability Exposure (CVE) ID: CVE-2011-1989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974
Common Vulnerability Exposure (CVE) ID: CVE-2011-1990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.902727
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
Zusammenfassung:	This host is missing an important security update according to; Microsoft Bulletin MS11-072.
Beschreibung:	Summary: This host is missing an important security update according to Microsoft Bulletin MS11-072. Vulnerability Insight: The flaws are caused by memory corruption, array-indexing and use-after-free errors when handling the crafted Excel files. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code with the privileges of the user running the affected application. Affected Software/OS: - Microsoft Excel 2003 Service Pack 3 - Microsoft Excel 2007 Service Pack 2 - Microsoft Office 2007 Service Pack 2 - Microsoft Excel Viewer Service Pack 2 - Microsoft Excel 2010 Service Pack 1 and prior - Microsoft Office 2010 Service Pack 1 and prior - Microsoft Excel Services installed on Microsoft Office SharePoint Server 2007 Service Pack 2 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1986 Cert/CC Advisory: TA11-256A http://www.us-cert.gov/cas/techalerts/TA11-256A.html Microsoft Security Bulletin: MS11-072 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12345 Common Vulnerability Exposure (CVE) ID: CVE-2011-1987 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953 Common Vulnerability Exposure (CVE) ID: CVE-2011-1988 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836 Common Vulnerability Exposure (CVE) ID: CVE-2011-1989 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 Common Vulnerability Exposure (CVE) ID: CVE-2011-1990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982
Copyright	Copyright (C) 2011 Greenbone AG