.

Excel Featheader Record Memory Corruption Vulnerability

Posted on December 3rd, 2009 by admin

Description -

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ? The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message. ? An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

McAfee Product Mitigation & Recommendations

Recommendations -

Vendor has released patches to address this issue. http://www.microsoft.com/technet/security/bulletin/ms09-067.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-067) Excel Featheader Record Memory Corruption Vulnerability (972652)
Signature identifier:
7321
Release date:
11/10/2009
 
Posted in Excel Featheader Record Memory Corruption Vulnerability

Comments

No comments so far.

Leave a Reply

 
(will not be published)
 
 
 
 
 
Blogroll
Tags

Resources