Windows : Microsoft Bulletins : Microsoft Excel Remote Code Execution Vulnerability (956416)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900048

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Excel Remote Code Execution Vulnerability (956416)

Resumen: This host is missing critical security update according to; Microsoft Bulletin MS08-057.

Descripción: Summary:
This host is missing critical security update according to
Microsoft Bulletin MS08-057.

Vulnerability Insight:
The flaws are due to

- insufficient validation of data in a VBA Performance Cache.

- an error in the loading of Excel objects, which in corrupt memory via
a specially crafted file.

- an integer overflow in the REPT function when handling formulas inside
cells.

Vulnerability Impact:
Remote attackers could corrupt memory via a specially
crafted Excel (.xls) files.

Affected Software/OS:
- Microsoft Execel 2002/XP/2003/2007

- Microsoft Execel Viewer 2003/2007

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3471
BugTraq ID: 31705
http://www.securityfocus.com/bid/31705
Cert/CC Advisory: TA08-288A
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
HPdes Security Advisory: HPSBST02379
http://marc.info/?l=bugtraq&m=122479227205998&w=2
HPdes Security Advisory: SSRT080143
http://www.zerodayinitiative.com/advisories/ZDI-08-068/
Microsoft Security Bulletin: MS08-057
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750
http://www.securitytracker.com/id?1021044
http://secunia.com/advisories/32211
http://www.vupen.com/english/advisories/2008/2808
XForce ISS Database: excel-file-format-code-execution(45579)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45579
XForce ISS Database: win-ms08kb956416-update(45581)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45581
Common Vulnerability Exposure (CVE) ID: CVE-2008-3477
BugTraq ID: 31702
http://www.securityfocus.com/bid/31702
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870
XForce ISS Database: excel-calendar-code-execution(45566)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45566
Common Vulnerability Exposure (CVE) ID: CVE-2008-4019
BugTraq ID: 31706
http://www.securityfocus.com/bid/31706
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102
XForce ISS Database: excel-rept-code-execution(45580)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45580

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900048
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Excel Remote Code Execution Vulnerability (956416)
Resumen:	This host is missing critical security update according to; Microsoft Bulletin MS08-057.
Descripción:	Summary: This host is missing critical security update according to Microsoft Bulletin MS08-057. Vulnerability Insight: The flaws are due to - insufficient validation of data in a VBA Performance Cache. - an error in the loading of Excel objects, which in corrupt memory via a specially crafted file. - an integer overflow in the REPT function when handling formulas inside cells. Vulnerability Impact: Remote attackers could corrupt memory via a specially crafted Excel (.xls) files. Affected Software/OS: - Microsoft Execel 2002/XP/2003/2007 - Microsoft Execel Viewer 2003/2007 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3471 BugTraq ID: 31705 http://www.securityfocus.com/bid/31705 Cert/CC Advisory: TA08-288A http://www.us-cert.gov/cas/techalerts/TA08-288A.html HPdes Security Advisory: HPSBST02379 http://marc.info/?l=bugtraq&m=122479227205998&w=2 HPdes Security Advisory: SSRT080143 http://www.zerodayinitiative.com/advisories/ZDI-08-068/ Microsoft Security Bulletin: MS08-057 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5750 http://www.securitytracker.com/id?1021044 http://secunia.com/advisories/32211 http://www.vupen.com/english/advisories/2008/2808 XForce ISS Database: excel-file-format-code-execution(45579) https://exchange.xforce.ibmcloud.com/vulnerabilities/45579 XForce ISS Database: win-ms08kb956416-update(45581) https://exchange.xforce.ibmcloud.com/vulnerabilities/45581 Common Vulnerability Exposure (CVE) ID: CVE-2008-3477 BugTraq ID: 31702 http://www.securityfocus.com/bid/31702 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870 XForce ISS Database: excel-calendar-code-execution(45566) https://exchange.xforce.ibmcloud.com/vulnerabilities/45566 Common Vulnerability Exposure (CVE) ID: CVE-2008-4019 BugTraq ID: 31706 http://www.securityfocus.com/bid/31706 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6102 XForce ISS Database: excel-rept-code-execution(45580) https://exchange.xforce.ibmcloud.com/vulnerabilities/45580
Copyright	Copyright (C) 2008 Greenbone AG