Title: Microsoft Excel Index Array Remote Code Execution Vulnerability
Severity: HIGH
Description:
Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite.
Excel is prone to a remote code-execution vulnerability when parsing malformed 'FORMAT' records in Excel files. This issue occurs because the application fails to validate index array records in Excel files.
A specially crafted file with an out-of-bounds array index will cause Excel to write a byte to arbitrary locations in stack memory.
Attackers may exploit this issue by enticing victims into opening a malicious Excel file.
Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.
Affected Products:
- Avaya Messaging Application Server
- Avaya Messaging Application Server MM 1.1
- Avaya Messaging Application Server MM 2.0
- Avaya Messaging Application Server MM 3.0
- Avaya Messaging Application Server MM 3.1
- Microsoft Excel 2002 SP3
- Microsoft Office 2000 SP3
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Microsoft Office XP SP3
References:
- Avaya Inc.: ASA-2008-337 MS08-043 Vulnerabilities in Microsoft Excel Could Allow Remote Code
- Microsoft: Microsoft Security Bulletin MS08-043
- iDefense: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
