Multiple vulnerabilities have been identified in Microsoft Office, which could be exploited by remote attackers to execute arbitrary commands.
The first issue is due to a memory corruption error in Excel when handling a malformed range, which could be exploited by attackers to compromise a vulnerable system via a malicious document.
The second flaw is due to a memory corruption error in Office when handling a specially crafted "routing slip", which could be exploited by attackers to compromise a vulnerable system via a malicious document.
The third vulnerability is due to a memory corruption error in Excel when handling malformed BOOLERR records in a BIFF file, which could be exploited by attackers to compromise a vulnerable system via a malicious document.
The fourth flaw is due to a memory corruption error in Excel when handling a specially crafted description, which could be exploited by attackers to compromise a vulnerable system via a malicious document.
The fifth issue is due to a memory corruption error in Excel when handling specially crafted graphics, which could be exploited by attackers to compromise a vulnerable system via a malicious document.
The sixth vulnerability is due to a memory corruption error in Excel when handling malformed records, which could be exploited by attackers to compromise a vulnerable system via a malicious Excel document.
Credits
Vulnerabilities reported by Peter Winter-Smith, Ollie Whitehouse, Arnaud Dovi, Dejun Meng, Eyas and the vendor.
ChangeLog
2006-03-15 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
