Test ID:	1.3.6.1.4.1.25623.1.0.900670
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS09-021.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-021. Vulnerability Insight: The flaws are due to - an array-indexing error when processing certain records by using corrupted object. - a boundary error when parsing certain records by opening a specially crafted Excel file. - an integer overflow error when processing the number of strings in a file. Vulnerability Impact: Successful exploitation could execute arbitrary code on the remote system and corrupt memory, buffer overflow via a specially crafted Excel file. Affected Software/OS: - Microsoft Excel Viewer 2003/2007 - Microsoft Office Excel 2000/2002/2003/2007 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0549 BugTraq ID: 35215 http://www.securityfocus.com/bid/35215 Cert/CC Advisory: TA09-160A http://www.us-cert.gov/cas/techalerts/TA09-160A.html Microsoft Security Bulletin: MS09-021 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021 http://osvdb.org/54952 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830 http://www.securitytracker.com/id?1022351 http://www.vupen.com/english/advisories/2009/1540 Common Vulnerability Exposure (CVE) ID: CVE-2009-0557 BugTraq ID: 35241 http://www.securityfocus.com/bid/35241 http://osvdb.org/54953 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5564 Common Vulnerability Exposure (CVE) ID: CVE-2009-0558 BugTraq ID: 35242 http://www.securityfocus.com/bid/35242 Bugtraq: 20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504188/100/0/threaded http://secunia.com/secunia_research/2009-1/ http://osvdb.org/54954 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525 Common Vulnerability Exposure (CVE) ID: CVE-2009-0559 BugTraq ID: 35243 http://www.securityfocus.com/bid/35243 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6273 Common Vulnerability Exposure (CVE) ID: CVE-2009-0560 BugTraq ID: 35244 http://www.securityfocus.com/bid/35244 http://osvdb.org/54956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6178 Common Vulnerability Exposure (CVE) ID: CVE-2009-0561 BugTraq ID: 35245 http://www.securityfocus.com/bid/35245 Bugtraq: 20090609 Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504190/100/0/threaded http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=805 http://secunia.com/secunia_research/2009-12/ http://osvdb.org/54957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5925 Common Vulnerability Exposure (CVE) ID: CVE-2009-1134 BugTraq ID: 35246 http://www.securityfocus.com/bid/35246 Bugtraq: 20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504213/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-09-040/ http://osvdb.org/54958 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.