ID de Prueba:	1.3.6.1.4.1.25623.1.0.900670
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-021.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-021. Vulnerability Insight: The flaws are due to - an array-indexing error when processing certain records by using corrupted object. - a boundary error when parsing certain records by opening a specially crafted Excel file. - an integer overflow error when processing the number of strings in a file. Vulnerability Impact: Successful exploitation could execute arbitrary code on the remote system and corrupt memory, buffer overflow via a specially crafted Excel file. Affected Software/OS: - Microsoft Excel Viewer 2003/2007 - Microsoft Office Excel 2000/2002/2003/2007 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0549 BugTraq ID: 35215 http://www.securityfocus.com/bid/35215 Cert/CC Advisory: TA09-160A http://www.us-cert.gov/cas/techalerts/TA09-160A.html Microsoft Security Bulletin: MS09-021 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 http://osvdb.org/54952 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830 http://www.securitytracker.com/id?1022351 http://www.vupen.com/english/advisories/2009/1540 Common Vulnerability Exposure (CVE) ID: CVE-2009-0557 BugTraq ID: 35241 http://www.securityfocus.com/bid/35241 http://osvdb.org/54953 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564 Common Vulnerability Exposure (CVE) ID: CVE-2009-0558 BugTraq ID: 35242 http://www.securityfocus.com/bid/35242 Bugtraq: 20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504188/100/0/threaded http://secunia.com/secunia_research/2009-1/ http://osvdb.org/54954 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525 Common Vulnerability Exposure (CVE) ID: CVE-2009-0559 BugTraq ID: 35243 http://www.securityfocus.com/bid/35243 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273 Common Vulnerability Exposure (CVE) ID: CVE-2009-0560 BugTraq ID: 35244 http://www.securityfocus.com/bid/35244 http://osvdb.org/54956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178 Common Vulnerability Exposure (CVE) ID: CVE-2009-0561 BugTraq ID: 35245 http://www.securityfocus.com/bid/35245 Bugtraq: 20090609 Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504190/100/0/threaded http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805 http://secunia.com/secunia_research/2009-12/ http://osvdb.org/54957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925 Common Vulnerability Exposure (CVE) ID: CVE-2009-1134 BugTraq ID: 35246 http://www.securityfocus.com/bid/35246 Bugtraq: 20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504213/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-09-040/ http://osvdb.org/54958 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.