ID de Prueba:	1.3.6.1.4.1.25623.1.0.900028
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
Resumen:	This host is missing critical security update according to; Microsoft Bulletin MS08-043.
Descripción:	Summary: This host is missing critical security update according to Microsoft Bulletin MS08-043. Vulnerability Insight: Multiple flaws exist due to: - index values are not properly validated when loading Excel files into memory. - an error during processing/parsing of certain array indexes and record values when loading Excel files into memory. - a password strings to remote data sources are not being properly deleted even when configured to not store credentials. Vulnerability Impact: Remote attackers could be able to corrupt memory locations via a specially crafted Excel (.xls) files. Affected Software/OS: - Microsoft Excel 2002/XP/2003/2007 - Microsoft Excel Viewer 2003/2007 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3003 BugTraq ID: 30641 http://www.securityfocus.com/bid/30641 Cert/CC Advisory: TA08-225A http://www.us-cert.gov/cas/techalerts/TA08-225A.html HPdes Security Advisory: HPSBST02360 http://marc.info/?l=bugtraq&m=121915960406986&w=2 HPdes Security Advisory: SSRT080117 Microsoft Security Bulletin: MS08-043 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5951 http://www.securitytracker.com/id?1020669 http://secunia.com/advisories/31454 http://www.vupen.com/english/advisories/2008/2347 Common Vulnerability Exposure (CVE) ID: CVE-2008-3004 BugTraq ID: 30638 http://www.securityfocus.com/bid/30638 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=740 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5885 http://www.securitytracker.com/id?1020670 Common Vulnerability Exposure (CVE) ID: CVE-2008-3005 BugTraq ID: 30639 http://www.securityfocus.com/bid/30639 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=741 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5837 http://www.securitytracker.com/id?1020671 Common Vulnerability Exposure (CVE) ID: CVE-2008-3006 BugTraq ID: 30640 http://www.securityfocus.com/bid/30640 Bugtraq: 20080812 ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/495428/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-048/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5561 http://www.securitytracker.com/id?1020672 http://secunia.com/advisories/31455
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.