Microsoft Update MS09-021: "Excel Could Allow Remote Execution"

According to Microsoft Security Bulletin MS09-021 - Update for Microsoft Excel, an attacker who exploits these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights.

This update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files. Instead of having to install several updates that are almost the same, customers need to install this update only.

Fortinet - "All three vulnerabilities lie in 'excel.exe', which is used when processing an Excel file. A maliciously crafted document may contain a malformed 1) BRAI (0x1051) record or 2) Object (0x5d) record or 3) Formula record (0x06) that, when processed, will result in memory corruption and allow a remote attacker to arbitrarily execute code on the victim's machine."

Telus Security Labs - "A buffer overflow vulnerability exists in Microsoft Office Excel products. The vulnerability is due to improper parsing of an Excel file that includes a malformed set of records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user."
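The record types named in the Fortinet quote are framed in a BIFF8 workbook stream as a 2-byte type, a 2-byte length, and a body. The Python below is an added example, not code from Microsoft, Fortinet, or this post: it inventories those three types and refuses to trust a declared length that exceeds the BIFF8 limit or runs past the end of the stream. It assumes the workbook stream has already been extracted from the OLE container; the function names and sample streams are constructed for illustration, and the check covers framing only, not the specific flaws fixed by the update.

```python
import struct

# Record types named in the Fortinet quote (ids as given on the page).
WATCHED = {0x0006: "FORMULA", 0x005D: "OBJ", 0x1051: "BRAI"}
MAX_BODY = 8224  # largest record body BIFF8 permits before a CONTINUE record


def walk_biff(stream):
    """Yield (offset, type, body) per record; raise ValueError on bad framing."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError(f"truncated header at offset {pos}")
        rec_type, rec_len = struct.unpack_from("<HH", stream, pos)
        end = pos + 4 + rec_len
        if rec_len > MAX_BODY:
            raise ValueError(f"record 0x{rec_type:04X} at {pos}: length over limit")
        if end > len(stream):
            raise ValueError(f"record 0x{rec_type:04X} at {pos}: runs past end")
        yield pos, rec_type, stream[pos + 4:end]
        pos = end


def inventory(stream):
    """Return (counts of watched record types, first framing error or None)."""
    counts = {name: 0 for name in WATCHED.values()}
    try:
        for _, rec_type, _ in walk_biff(stream):
            if rec_type in WATCHED:
                counts[WATCHED[rec_type]] += 1
    except ValueError as exc:
        return counts, str(exc)
    return counts, None


def rec(rec_type, body=b""):
    """Hypothetical helper: build one record with a correct length field."""
    return struct.pack("<HH", rec_type, len(body)) + body


# Constructed sample streams (zero-filled bodies, not real workbook data):
# BOF, FORMULA, OBJ, BRAI, EOF.
GOOD = (rec(0x0809, bytes(16)) + rec(0x0006, bytes(22)) +
        rec(0x005D, bytes(26)) + rec(0x1051, bytes(8)) + rec(0x000A))
# Same stream with EOF replaced by an OBJ header claiming 256 bytes, 4 present.
BAD = GOOD[:-4] + struct.pack("<HH", 0x005D, 0x0100) + bytes(4)

if __name__ == "__main__":
    print(inventory(GOOD))
    print(inventory(BAD))
```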

Acknowledgments:

Microsoft thanks the following for working with us to help protect customers:

Bing Liu of Fortinet's FortiGuard Global Security Research Team for reporting the Pointer Corruption Vulnerability (CVE-2009-0549), the Object Record Corruption Vulnerability (CVE-2009-0557), and the Field Sanitization Memory Corruption Vulnerability (CVE-2009-0560).

Carsten H. Eiram of Secunia for reporting the Array Indexing Memory Corruption Vulnerability (CVE-2009-0558) and the Record Integer Overflow Vulnerability (CVE-2009-0561).

Sean Larsson and Joshua Drake of VeriSign iDefense Labs for reporting the Record Integer Overflow Vulnerability (CVE-2009-0561).

TELUS Security Labs Vulnerability Research Team for reporting the String Copy Stack-Based Overrun Vulnerability (CVE-2009-0559).

TippingPoint and the Zero Day Initiative, for reporting the Record Pointer Corruption Vulnerability (CVE-2009-1134).

© 2010 netForensics, Inc