Microsoft Excel Remote Code Execution Vulnerability (956416) Network Vulnerability

Summary

This host is missing critical security update according to Microsoft Bulletin MS08-057.

Impact

Remote attackers could corrupt memory via a specially crafted Excel (.xls) files. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx

Insight

The flaws are due to - insufficient validation of data in a VBA Performance Cache. - an error in the loading of Excel objects, which in corrupt memory via a specially crafted file. - an integer overflow in the REPT function when handling formulas inside cells.

Affected

Microsoft Execel 2002/XP/2003/2007 on Windows (All). Microsoft Execel Viewer 2003/2007 on Windows (All).

References

http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3471, CVE-2008-3477, CVE-2008-4019

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Take action and discover your vulnerabilities