CERT-In Vulnerability Note CIVN-2006-97
Microsoft Excel Malformed DATETIME Record, STYLE Record, Lotus file, COLINFO Record Vulnerabilities

Original Issue Date: October 11, 2006

Severity Rating: High

Systems Affected

  • Microsoft Office 2000 Service Pack 3
    • Microsoft Excel 2000
  • Microsoft Office XP Service Pack 3
    • Microsoft Excel 2002
  • Microsoft Office 2003 Service Pack 1 or Service Pack 2
    • Microsoft Office Excel 2003
    • Microsoft Office Excel Viewer 2003
  • Microsoft Works Suites:
    • Microsoft Works Suite 2004, Microsoft Works Suite 2005, Microsoft Works Suite 2006

Overview

Certain vulnerabilities have been reported in Microsoft Excel 2000, 2002, 2003, Excel Viewer 2003 and Microsoft Works Suites 2004, 2005 and 2006. A remote attacker could exploit these vulnerabilities to take complete control of affected systems.

If a user was logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

Description

Excel Malformed DATETIME Record Vulnerability- CVE-2006-2387:

This vulnerability is caused because Excel does not perform sufficient data validation when processing the contents of an .xls file. An attacker could exploit it when Excel opens a maliciously crafted Excel file and parses a malformed DATETIME record. This could corrupt system memory, allowing the attacker to execute arbitrary code.

Excel Malformed STYLE Record Vulnerability- CVE-2006-3431:

This vulnerability is caused by insufficient data validation by Excel when processing the contents of an .xls file. An attacker could exploit it by sending a specially crafted Excel file to affected systems. When Excel opens the malicious Excel file and parses a malformed STYLE record, it may corrupt system memory in such a way that the attacker could execute arbitrary code.

Excel Handling of Lotus 1-2-3 File Vulnerability- CVE-2006-3867:

This vulnerability is caused by a flaw in Excel that occurs while processing a maliciously crafted Lotus 1-2-3 file. A remote attacker could exploit it by sending a specially crafted Lotus 1-2-3 file to affected systems. When Excel opens the malicious Lotus 1-2-3 file, it may corrupt system memory in such a way that an attacker could execute arbitrary code.

Malformed COLINFO Record Vulnerability- CVE-2006-3875:

This vulnerability is caused because Excel does not perform sufficient data validation when processing the contents of an .xls file. When Excel opens a specially crafted Excel file and parses a malformed COLINFO record, it may corrupt system memory in such a way that an attacker could execute arbitrary code.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS06-059.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx

References

US-CERT
http://www.us-cert.gov/cas/techalerts/TA06-283A.html

Secunia
http://secunia.com/advisories/20268

CVE Name
CVE-2006-2387
CVE-2006-3431
CVE-2006-3867
CVE-2006-3875

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003