===================================================================== CERT-Renater Note d'Information No. 2008/VULN082 _____________________________________________________________________ DATE : 12/03/2008 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Microsoft Excel. ====================================================================== http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx ______________________________________________________________________ MS08-014 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) Published: March 11, 2008 Version: 1.0 This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office 2004 for Mac, and Office 2008 for Mac. Affected Software o Microsoft Office 2000 Service Pack 3 o Microsoft Office XP Service Pack 3 o Microsoft Office 2003 Service Pack 2 o 2007 Microsoft Office System o Microsoft Office Excel Viewer 2003 o Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats o Microsoft Office 2004 for Mac o Microsoft Office 2008 for Mac Vulnerability Information Excel Data Validation Record Vulnerability - CVE-2008-0111 A remote code execution vulnerability exists in the way Excel processes data validation records when loading Excel files into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. Workarounds for Excel Data Validation Record Vulnerability - CVE-2008-0111 Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality: o Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations The following registry scripts can be used to set the File Block policy. For Office 2003 Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock] "BinaryFiles"=dword:00000001 Note In order to use 'FileOpenBlock' with Office 2003, all of the latest Office 2003 security updates must be applied. Impact of Workaround: Users who have configured the File Block policy and have not configured a special exempt directory as discussed in Microsoft Knowledge Base Article 922848 will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System. o Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file. Excel File Import Vulnerability - CVE-2008-0112 A remote code execution vulnerability exists in the way Excel handles data when importing files into Excel. An attacker could exploit the vulnerability by sending a malformed .slk file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment, and which could then be imported into Excel. Workarounds for Excel File Import Vulnerability - CVE-2008-0112 o Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file. Excel Style Record Vulnerability - CVE-2008-0114 o A remote code execution vulnerability exists in the way Excel handles Style record data when opening Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. Workarounds for Style Record Vulnerability - CVE-2008-0114 o Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources o Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations Excel Formula Parsing Vulnerability - CVE-2008-0115 o A remote code execution vulnerability exists in the way Excel handles malformed formulas. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. Workarounds for Excel Formula Parsing Vulnerability - CVE-2008-0115 o Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations Excel Rich Text Validation Vulnerability - CVE-2008-0116 o A remote code execution vulnerability exists in the way Excel handles rich text values when loading application data into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. Workarounds for Excel Rich Text Validation Vulnerability - CVE-2008-0116 o Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations Excel Conditional Formatting Vulnerability - CVE-2008-0117 o A remote code execution vulnerability exists in the way Excel handles conditional formatting values. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. Workarounds for Excel Conditional Formatting Vulnerability - CVE-2008-0117 o Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file. Macro Validation Vulnerability - CVE-2008-0081 o A remote code execution vulnerability exists in the way Excel handles macros when opening specially crafted Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. Workarounds for Macro Validation Vulnerability - CVE-2008-0081 o Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources o Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================