SECUNIA ADVISORY ID: SA31593

VERIFY ADVISORY: http://secunia.com/advisories/31593/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE:
Microsoft Open XML File Format Converter for Mac - http://secunia.com/advisories/product/20148/
Microsoft Office Excel Viewer 2007 - http://secunia.com/advisories/product/19210/
Microsoft Office Excel Viewer 2003 - http://secunia.com/advisories/product/7700/
Microsoft Office Excel 2007 - http://secunia.com/advisories/product/14161/
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats - http://secunia.com/advisories/product/14165/
Microsoft Office 2008 for Mac - http://secunia.com/advisories/product/17922/
Microsoft Office 2004 for Mac - http://secunia.com/advisories/product/8713/
Microsoft Excel 2003 - http://secunia.com/advisories/product/4970/
Microsoft Excel 2002 - http://secunia.com/advisories/product/4043/
Microsoft Excel 2000 - http://secunia.com/advisories/product/3054/
Microsoft Office 2000 - http://secunia.com/advisories/product/24/
Microsoft Office 2003 Professional Edition - http://secunia.com/advisories/product/2276/
Microsoft Office 2003 Small Business Edition - http://secunia.com/advisories/product/2277/
Microsoft Office 2003 Standard Edition - http://secunia.com/advisories/product/2275/
Microsoft Office 2003 Student and Teacher Edition - http://secunia.com/advisories/product/2278/
Microsoft Office 2007 - http://secunia.com/advisories/product/13228/
Microsoft Office XP - http://secunia.com/advisories/product/23/

DESCRIPTION: Some vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

1) An error while validating an index value in a NAME record can be exploited to corrupt memory via a specially crafted Excel Spreadsheet (XLS) file.
2) An unspecified error in the processing of Excel records can be exploited to corrupt memory via a specially crafted XLS file. 3) An unspecified error in the processing of Excel formulas can be exploited to corrupt memory via a specially crafted XLS file.

SOLUTION: Apply patches.
Microsoft Excel 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=f39d2a49-f861-4f2d-bf91-94a8a85af40c
Microsoft Excel 2002 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=72076e21-2aa3-48e8-883a-c3cb756fc72a
Microsoft Excel 2003 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=6c0771e5-fcd4-4365-b903-1a3bd95d9e66
Microsoft Excel 2007: http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf
Microsoft Excel 2007 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf
Microsoft Office Excel Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e
Microsoft Office Excel Viewer 2003 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e
Microsoft Office Excel Viewer: http://www.microsoft.com/downloads/details.aspx?FamilyId=9dbb35c1-aa7a-481b-a330-8ba916ddd443
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f
Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820
Microsoft Office 2008 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=AB31A564-43D2-45BD-98BF-19E9CA477B62
Open XML File Format Converter for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=EDB6CD8F-832C-4123-8982-AC0C601EA0A7

PROVIDED AND/OR DISCOVERED BY:
1) Dyon Balding, Secunia Research
2) The vendor credits Joshua J. Drake, VeriSign iDefense Labs.
3) The vendor credits Claes M Nyberg, signedness.org.

ORIGINAL ADVISORY: MS08-074 (KB959070): http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx

Secunia Research: http://secunia.com/secunia_research/2008-36/