Subscriptions | RSS Feeds | Discussions | Polls | Site Map


All Threats	Viruses	Hackers	Spam

Whole site

Viruses

Software Vulnerabilities

Examples and Descriptions

Basic Statistics

Hacker Attack Detection

Hacker Mentality

Timeline of Incidents

Major Personalities

Hackers and Law

Virus Encyclopedia

Learn about worms, viruses, Trojans and more in our Virus Encyclopedia.

About Spam

Read about spam and spammers in our About Spam section.

Home / Hackers / About Hackers / Software Vulnerabilities / Examples and Descriptions / SA29321

Microsoft Office Two Code Execution Vulnerabilities

Secunia ID
SA29321

CVE-ID
CVE-2008-0113, CVE-2008-0118

Release Date
11 Mar 2008

Last Change
17 Apr 2008

Solution Status
Vendor Patch

Software
Microsoft Excel Viewer 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office XP
Microsoft Word Viewer 2003

Where
From remote

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description
Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
1) An error when parsing cells comments in Excel files can be exploited to corrupt memory via a specially crafted Excel file.
2) An unspecified error when parsing Office files can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution
Apply patches.
Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=72735aa1-e22c-40ed-8c79-38fba89979aa
Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=9cf8aafa-71a5-4017-b53c-4e80ef6e1188
Microsoft Office 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa
Microsoft Office Excel Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa
Microsoft Office Excel Viewer 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=95DCEB37-B35F-46DB-B280-DB0F3B298AA9
Microsoft Office Word Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa
Microsoft Office Word Viewer 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=9f25922c-d3c2-4ef1-b164-8a21a77d29aa

Reported by
1) Reported by Arnaud Dovi via Zero Day Initiative.
2) The vendor credits an anonymous person.

Original Advisory
MS08-016 (KB949030):
http://www.microsoft.com/technet/security/Bulletin/MS08-016.mspx
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-008/

Email: webmaster@viruslist.com

All Threats

Viruses

Hackers

Spam

Microsoft Office Two Code Execution Vulnerabilities

System access