MA-165.062009: MyCERT Alert - Multiple Vulnerabilities in Microsoft Excel

1.0 Introduction

A few vulnerabilities have been reported in Microsoft Excel products and the vulnerabilities are as below:

1.1 Microsoft Excel Array Indexing Remote Code Execution

This vulnerability is reported in the following products and versions:

• Microsoft Open XML File Format Converter for Mac 0
• Microsoft Office Excel Viewer SP3
• Microsoft Office Excel Viewer 2003 SP3
• Microsoft Excel 2008 for Mac 0
• Microsoft Excel 2004 for Mac 0
• Microsoft Excel 2000 SR1
• Microsoft Excel 2000 SP3
• Microsoft Excel 2000 SP2
• Microsoft Excel 2000

1.2 Microsoft Excel Malformed Record Object Integer Overflow Vulnerability

This vulnerability is reported in the following products and versions:

• Microsoft SharePoint Server 2007 x64 SP2
• Microsoft SharePoint Server 2007 x64 SP1
• Microsoft SharePoint Server 2007 x64 0
• Microsoft SharePoint Server 2007 SP2
• Microsoft SharePoint Server 2007 SP1
• Microsoft SharePoint Server 2007 0
• Microsoft Open XML File Format Converter for Mac 0
• Microsoft Office Excel Viewer 2003 0
• Microsoft Office Excel Viewer SP3
• Microsoft Office Excel Viewer 2003 SP3
• Microsoft Office Compatibility Pack 2007 SP2
• Microsoft Office Compatibility Pack 2007 SP1
• Microsoft Office Compatibility Pack 2007 0
• Microsoft Excel Viewer 2003 0
• Microsoft Office 2003 SP1
• Microsoft Excel Viewer 2003 SP3
• Microsoft Excel Viewer 0
• Microsoft Excel 2008 for Mac 0
• Microsoft Excel 2007 SP2
• Microsoft Excel 2007 SP1
• Microsoft Excel 2007 0
• Microsoft Excel 2004 for Mac 0
• Microsoft Excel 2003 SP3
• Microsoft Excel 2003 SP2
• Microsoft Excel 2003 SP1
• Microsoft Office 2003 SP1
• Microsoft Excel 2003
• Microsoft Office 2003 0
• Microsoft Excel 2002 SP3
• Microsoft Office XP SP3
• Microsoft Excel 2002 SP2
• Microsoft Excel 2002 SP1
• Microsoft Excel 2002
• Microsoft Excel 2000 SR1
• Microsoft Excel 2000 SP3
• Microsoft Excel 2000 SP2
• Microsoft Excel 2000 0
• Microsoft Excel 2000

1.3 Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability

This vulnerability is reported in the following products and versions:

• Microsoft Office Excel 2000 Service Pack 3
• Microsoft Office Excel 2002 Service Pack 3
• Microsoft Office Excel 2003 Service Pack 3
• Microsoft Office Excel 2007 Service Pack 1
• Microsoft Office Excel 2007 Service Pack 2
• Microsoft Office 2004 for Mac
• Microsoft Office 2008 for Mac
• Open XML File Format Converter for Mac
• Microsoft Office Excel Viewer 2003 Service Pack 3
• Microsoft Office Excel Viewer
• Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
• Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
• Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions)
• Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
• Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions)
• Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)

2.0 Impact

An attacker who successfully exploits these vulnerabilities can bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges. Other attacks are also possible. Exploitation requires user interaction in that a victim must open a malicious XLS file.

3.0 Affected Products

• Microsoft Office Excel 2000 Service Pack 1, 2, 3 and SR 1
• Microsoft Office Excel 2002 Service Pack 1, 2, 3
• Microsoft Office Excel 2003 Service Pack 1, 2, 3
• Microsoft Office Excel 2007 Service Pack 1, 2
• Microsoft Office Excel Viewer 2003
• Microsoft Office Excel Viewer 2003 Service Pack 3
• Microsoft Office Excel Viewer
• Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
• Microsoft Office 2004 for Mac
• Microsoft Office 2008 for Mac

4.0 Recommendation

4.1 Users are recommended to apply the fixes from Microsoft immediately depending on the product affected:

• Patch for Microsoft Excel 2000 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb&displaylang=en
  
  
• Patch for Microsoft Excel 2003 SP3 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=10156044-a5a4-4312-98a7-1b1ced625ddb
  
  
• Patch for Microsoft Office Compatibility Pack 2007 SP1 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
  
  
• Patch for Microsoft Open XML File Format Converter for Mac is available at:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
  
  
• Patch for Microsoft Excel 2002 SP3 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=dd80ce95-0aec-4493-b9d1-c3dad95c3415
  
  
• Patch for Microsoft Excel 2007 SP2 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
  
  
• Patch for Microsoft SharePoint Server 2007 SP1 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
  
  
• Patch for Microsoft Excel Viewer 2003 SP3 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
  
  
• Patch for Microsoft SharePoint Server 2007 x64 SP2 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
  
  
• Patch for Microsoft Office Excel Viewer 2003 SP3 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=20e6933d-85f8-4cec-9534-893789cd053e
  
  
• Patch for Microsoft SharePoint Server 2007 SP2 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=862e6ad1-8124-4060-93b1-2b882ef5ce3d
  
  
• Patch for Microsoft Office Compatibility Pack 2007 SP2 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=a8be8457-b0b6-455e-907e-d13be883adf2
  
  
• Patch for Microsoft Excel Viewer 0 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=ac0530dc-7f63-4ad0-85c1-784ad28156cf
  
  
• Patch for Microsoft Excel 2007 SP1 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=2bcd565a-6acb-407d-80da-0398526ddf99
  
  
• Patch for Microsoft SharePoint Server 2007 x64 SP1 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=b7b6e611-2c5d-4639-add9-972055789ecd
  
  
• Patch for Microsoft Excel 2000 SP3 is available at:
  http://www.microsoft.com/downloads/details.aspx?familyid=dd16e243-b8e2-4afb-86b6-4d60214598eb

4.2 Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.

4.3 Users may opt using equivalent applications for viewing PowerPoint documents such as OpenOffice (http://www.openoffice.org)

MyCERT generally advise users of this product to keep themselves updated with the latest security announcements by the vendor. In case of public received any suspicious XLS file and required our further analysis, please reach us at information below:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References

• http://www.securityfocus.com/bid/35242/info
• http://www.securityfocus.com/bid/35245/info
• http://www.securityfocus.com/archive/1/504213
• http://www.zerodayinitiative.com/advisories/ZDI-09-040/
• http://www.microsoft.com/technet/security/bulletin/MS09-021.mspx