
SANS ISC InfoSec Handlers Diary Blog



Microsoft Security Bulletin MS06-037

Published: 2006-07-11
Last Updated: 2006-07-11 22:03:21 UTC
by Deborah Hale (Version: 1)

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)



Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately

This Security Bulletin covers multiple CVE items as indicated below:

CVE-2006-1301 Microsoft Excel Malformed SELECTION record vulnerability
CVE-2006-1302 Microsoft Excel Malformed SELECTION record vulnerability
CVE-2006-1304 Microsoft Excel Malformed COLINFO record vulnerability
CVE-2006-1306 Microsoft Excel Malformed OBJECT record vulnerability
CVE-2006-1308 Microsoft Excel Malformed FNGROUPCOUNT Value vulnerability
CVE-2006-1309 Microsoft Excel Malformed LABEL record vulnerability
CVE-2006-2388 Microsoft Excel Rebuilding vulnerability
CVE-2006-3059 Microsoft Excel Malformed file vulnerability

This update resolves several public, privately reported, and newly discovered vulnerabilities. Each of them is described as a remote code execution vulnerability in Excel's handling of the identified item. The only workaround suggested and tested is to NOT open attachments from untrusted sources. I guess that means, PATCH.

Microsoft states:

When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
