Tuesday, October 19, 2010

Microsoft Office Excel: Ghost Record Type Parsing Vulnerability

Users of Microsoft Office Excel please be advised of a Ghost Record Type Parsing vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
CVE-2010-3242: Microsoft Office Excel Ghost Record Type Parsing Vulnerability
AFFECTED PRODUCTS

---------------------------



Microsoft Office 2008 for Mac

Microsoft Office 2004 for Mac

Microsoft Office XP Service Pack 3

Open XML File Format Converter for Mac


. DESCRIPTION

---------------------



VUPEN Vulnerability Research Team discovered a critical vulnerability

in Microsoft Office Excel.



The vulnerability is caused by an input validation error when processing

certain elements in a Ghost record, which could be exploited by remote

attackers to execute arbitrary code by tricking a user into opening a

specially crafted Excel document.


Read more at www.criticalwatch.com
 

No comments:

Post a Comment