Summary
This host is missing an important security update according to Microsoft Bulletin MS12-030.
Impact
Successful exploitation could allow attackers to execute arbitrary code with the privileges of the user running the affected application.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-030
Insight
The flaws are due to errors while handling OBJECTLINK record, SXLI record, MergeCells record and an mismatch error when handling the Series record within Excel files.
Affected
Microsoft Excel Viewer
Microsoft Excel 2003 Service Pack 3
Microsoft Excel 2010 Service Pack 1 and prior
Microsoft Office 2010 Service Pack 1 and prior
Microsoft Excel 2007 Service Pack 2 and Service Pack 3 Microsoft Office 2007 Service Pack 2 and Service Pack 3 Microsoft Office Compatibility Pack Service Pack 2 and Service Pack 3
References
- http://support.microsoft.com/kb/2553371
- http://support.microsoft.com/kb/2596842
- http://support.microsoft.com/kb/2597086
- http://support.microsoft.com/kb/2597161
- http://support.microsoft.com/kb/2597162
- http://support.microsoft.com/kb/2597166
- http://support.microsoft.com/kb/2597969
- http://technet.microsoft.com/en-us/security/bulletin/ms12-030
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-0141, CVE-2012-0142, CVE-2012-0143, CVE-2012-0184, CVE-2012-0185, CVE-2012-1847 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
- Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
- Cumulative Security Update for Internet Explorer (939653)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)