copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » AusCERT N... » AL-2008.0009 -- [Win][OSX] -- Reported Vulnerability...
 

AL-2008.0009 -- [Win][OSX] -- Reported Vulnerability in Microsoft Excel - Remote Code Execution
Date: 15 January 2008

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2008.0009 -- AUSCERT ALERT
                                [Win][OSX]
     Reported Vulnerability in Microsoft Excel - Remote Code Execution
                              16 January 2008

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:              Excel 2003 Service Pack 2 and prior
                      Microsoft Office Excel Viewer 2003
                      Microsoft Excel 2004 for Mac
Operating System:     Windows
                      Mac OS X
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-0081

Original Bulletin:    
  http://www.microsoft.com/technet/security/advisory/947563.mspx

OVERVIEW:

       Microsoft is currently investigating a vulnerability in various 
       editions of Excel which is currently being exploited to gain
       the same rights as the local user.


IMPACT:

       The following versions of Excel are confirmed to be vulnerable [1]:
       - Microsoft Office Excel 2003 Service Pack 2
       - Microsoft Office Excel Viewer 2003
       - Microsoft Office Excel 2002
       - Microsoft Office Excel 2000
       - Microsoft Excel 2004 for Mac

       Microsoft have released the following information regarding the 
       impact of this vulnerability.

       \"An attacker who successfully exploited this vulnerability could 
       gain the same user rights as the local user. Users whose accounts 
       are configured to have fewer user rights on the system could be less 
       affected than users who operate with administrative user rights.\" [1]


MITIGATION:

       Users of Excel 2003 can do one of the following:
       - Install Excel 2003 Service Pack 3 (as this version is not 
         vulnerable)
       - Install the Microsoft Office Isolated Conversion Environment. This
         software can only be used on Office 2003 or 2007. For a link to the
         download and installation instructions please see the Microsoft
         Security Advisory. [1]
       - Use Microsoft Office File Block policy to block the opening of 
         Office 2003 and earlier documents from unknown or untrusted sources 
         and locations. This mitigation requires editing the system registry
         and setting up an \"exempt directory.\" Instructions once again are
         on the Microsoft Security Advisory. [1]

       For all other Excel users, Microsoft has not yet published any 
       workarounds. There are however a few simple steps you can take until
       the patches are released to correct this issue.

       - Don\'t open Excel attachments from unknown sources
       - Keep you virus definition files up to date
       - Don\'t open websites that you are being asked to visit via emails
         from unknown sources

       Administrators should consider blocking or quarantining these 
       attachments at the email gateway.


REFERENCES:

       [1] Microsoft Security Advisory (947563)
           http://www.microsoft.com/technet/security/advisory/947563.mspx

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation\'s site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR42uJih9+71yA2DNAQLMHgP+IFx96CxkuOqfafnzrQUruloApq2rHbEf
W1c3E9ZwV1uhGbsOp/BCB5+1FctAQxy5GyZsK1bgT/lt3vIg7K4i5+z4pk83ojju
wvhBH5VwzicO3ERlKxJqqUAxqNBGsBGzvP+JcQNxAAyK/zXRaQsoUlFW9F4Kbir8
rixuLqkbJK8=
=Lg3k
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/8654