Test ID: | 1.3.6.1.4.1.25623.1.0.900887 |
Category: | Windows : Microsoft Bulletins |
Title: | Microsoft Office Excel Multiple Vulnerabilities (972652) |
Summary: | This host is missing a critical security update according to Microsoft Bulletin MS09-067. |
Description: |
Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-067.

Vulnerability Insight:
- An error in the parsing of Excel spreadsheets can be exploited to corrupt memory via a specially crafted Excel file.
- An error in the processing of certain record objects can be exploited to corrupt memory via a specially crafted Excel file.
- Another error in the processing of certain record objects can be exploited to corrupt memory via a specially crafted Excel file.
- An error in the processing of Binary File Format (BIFF) records can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file.
- An error in the handling of formulas embedded inside a cell can be exploited to corrupt memory via a specially crafted Excel file.
- An error when loading Excel formulas can be exploited to corrupt a pointer when a specially crafted Excel file is being opened.
- An error when loading Excel records can be exploited to corrupt memory via a specially crafted Excel file.
- An error when processing Excel record objects can be exploited via a specially crafted Excel file.

Vulnerability Impact: Successful exploitation could allow an attacker to execute arbitrary code on the remote system, corrupt memory, or cause a buffer overflow via a specially crafted Excel file.

Affected Software/OS:
- Microsoft Excel Viewer 2003/2007
- Microsoft Office Excel 2002/2003/2007
- Microsoft Office Compatibility Pack for Word, Excel, PowerPoint 2007 File Formats SP 1/2

Solution: The vendor has released updates. Please see the references for more information.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 36943
BugTraq ID: 36944
BugTraq ID: 36945
BugTraq ID: 36946
BugTraq ID: 36908
BugTraq ID: 36909
BugTraq ID: 36911
BugTraq ID: 36912

Common Vulnerability Exposure (CVE) ID: CVE-2009-3127
Cert/CC Advisory: TA09-314A
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
Microsoft Security Bulletin: MS09-067
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6146
http://www.securitytracker.com/id?1023157

Common Vulnerability Exposure (CVE) ID: CVE-2009-3128
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6474

Common Vulnerability Exposure (CVE) ID: CVE-2009-3129
http://www.securityfocus.com/bid/36945
Bugtraq: 20091110 ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2009-11/0080.html
http://www.exploit-db.com/exploits/14706
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=832
http://www.zerodayinitiative.com/advisories/ZDI-09-083
http://osvdb.org/59860
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6521

Common Vulnerability Exposure (CVE) ID: CVE-2009-3130
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6137

Common Vulnerability Exposure (CVE) ID: CVE-2009-3131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6518

Common Vulnerability Exposure (CVE) ID: CVE-2009-3132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6526

Common Vulnerability Exposure (CVE) ID: CVE-2009-3133
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6265

Common Vulnerability Exposure (CVE) ID: CVE-2009-3134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5878 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |