(MS11-045) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
Publish Date: 06 luglio 2011
Gravità: : Alto
CVE Identifier: CVE-2011-1272,CVE-2011-1273,CVE-2011-1274,CVE-2011-1275,CVE-2011-1276,CVE-2011-1277,CVE-2011-1278,CVE-2011-1279
Data notifica: 06 luglio 2011
Descrizione
There exists several vulnerabilities in Microsoft Office, some of which pertains to certain versions of Microsoft Excel. To exploit the vulnerabilities, an attacker must persuade a potential victim to open a malicious MS Excel file. Users who are logged on as administrators are more in risk of being negatively impacted than users who are logged on with lesser privileges.
Informazioni esposizione:
The following Trend Micro DPI rules address exploits that may attempt to use this vulnerability:
- 1004695 - Excel Insufficient Record Validation Vulnerability
- 1004691 - Excel Improper Record Parsing Vulnerability
- 1004689 - Excel Out of Bounds Array Access Vulnerability
- 1004698 - Excel WriteAV Vulnerability
- 1004703 - Microsoft Excel Buffer Overrun Vulnerability
Soluzioni
Software e versione interessati:
- Microsoft Excel 2002 Service Pack 3 (Microsoft Office XP Service Pack 3)
- Microsoft Excel 2003 Service Pack 3 (Microsoft Office 2003 Service Pack 3)
- Microsoft Excel 2007 Service Pack 2 (Microsoft Office 2007 Service Pack 2)
- Microsoft Excel 2010 (32-bit editions) (Microsoft Office 2010 (32-bit editions)
- Microsoft Excel 2010 (64-bit editions) (Microsoft Office 2010 (64-bit editions)
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac 2011
- Open XML File Format Converter for Mac
- Microsoft Excel Viewer Service Pack 2
- Microsoft Office Compatibility Pack for Word
- Excel
- and PowerPoint 2007 File Formats Service Pack 2