|Title:||Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities|
|Summary:||Check for the version of Microsoft Excel|
Overview: This host is installed with Microsoft Office Excel and is prone to
multiple remote code execution vulnerabilities.
The flaws are due to:
- An error in the usage of a specific field used for incrementing an array
index. The application will copy the contents of the specified element into
a statically sized buffer on the stack.
- An error in parsing Office Art record, when parsing an office art object
record, if an error occurs, the application will add a stray reference to an
element which is part of a linked list. When receiving a window message,
the application will proceed to navigate this linked list. This will
access a method from the malformed object which can lead to code execution
under the context of the application.
Successful exploitation will allow attacker to execute arbitrary code, can
cause memory corruption and other attacks in the context of the application
through crafted Excel file.
Impact Level: System
Microsoft Office Excel 2010
Fix: No solution or patch is available as of 17th February, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://office.microsoft.com/en-us/excel/
BugTraq ID: 46225|
Common Vulnerability Exposure (CVE) ID: CVE-2011-0978
Microsoft Security Bulletin: MS11-021
Cert/CC Advisory: TA11-102A
Common Vulnerability Exposure (CVE) ID: CVE-2011-0979
|Copyright||Copyright (C) 2011 Greenbone Networks GmbH|
|This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.