---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Microsoft Excel rtWnDesk Record Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA26145 VERIFY ADVISORY: http://secunia.com/advisories/26145/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Excel 2000 http://secunia.com/product/3054/ Microsoft Excel 2002 http://secunia.com/product/4043/ Microsoft Excel 2003 http://secunia.com/product/4970/ Microsoft Excel Viewer 2003 http://secunia.com/product/7700/ Microsoft Office 2000 http://secunia.com/product/24/ Microsoft Office XP http://secunia.com/product/23/ Microsoft Office 2004 for Mac http://secunia.com/product/8713/ Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/ Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/ Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/ DESCRIPTION: Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when validating an index value in the rtWnDesk record and can be exploited to corrupt memory via a specially crafted Excel Workspace (XLW) file. Successful exploitation may allow execution of arbitrary code. Other unspecified security issues discovered internally by Microsoft have also been reported. SOLUTION: Apply patches. Microsoft Office 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=082B98F7-9556-4F1F-823A-C41DDF5A7C9A Microsoft Office XP SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=91308769-2577-4F9F-8209-06F2C8C8A86F Microsoft Office 2003 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=B0130E9E-8845-4D79-AAA1-A21CC9388ABE Microsoft Excel Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=C4A87572-3128-44F7-8069-95535A78500A Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/downloads.aspx#Office2004 PROVIDED AND/OR DISCOVERED BY: Dyon Balding, Secunia Research. ORIGINAL ADVISORY: MS07-044 (KB940965): http://www.microsoft.com/technet/security/Bulletin/MS07-044.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------