===================================================================== CERT-Renater Note d'Information No. 2007/VULN287 _____________________________________________________________________ DATE : 11/07/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows avec Microsoft Excel ====================================================================== MS07-036 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution Affected Software: - Microsoft Excel 2000 Service Pack 3 - Microsoft Excel 2002 Service Pack 3 - Microsoft Excel 2003 Service Pack 2 - Microsoft Excel 2003 Viewer - Microsoft Office Excel 2007 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Non-Affected Software: Full MS07-036 advisory: http://www.microsoft.com/technet/security/bulletin/ms07-036.mspx Vulnerability Details Calculation Error Vulnerability - CVE-2007-1756 Worksheet Memory Corruption Vulnerability - CVE-2007-3029 Workbook Memory Corruption Vulnerability - CVE-2007-3030 Remote code execution vulnerabilities exist in the way Excel handles malformed Excel files. An attacker could exploit the vulnerabilities by sending a malformed file which could be included as an e-mail attachment, or hosted on a malicious or compromised Web site. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================