Check Point Advisories

Update Protection against Multiple Microsoft Office Vulnerabilities (MS06-012)

Check Point Reference: CPAI-2006-024
Date Published: 15 Mar 2006
Severity: Critical
Last Updated: Monday 07 May, 2007
Source: Microsoft Security Bulletin MS06-012

Industry Reference: CVE-2005-4131
CVE-2006-0028
CVE-2006-0029
CVE-2006-0030
CVE-2006-0031
CVE-2006-0009
Protection Provided by:
Who is Vulnerable?
For a complete list of the affected systems, visit Microsoft Security Bulletin MS06-012 at http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx.

Vulnerability Description
Several remote code execution vulnerabilities exist in Microsoft Office, including vulnerabilities in Excel, PowerPoint and Word. A remote attacker may create a malicious Excel, PowerPoint or Word file and host it on a Web site or send it as an email attachment. This may allow an attacker to overflow a buffer and possibly execute arbitrary code on the affected system.

Update/Patch Available
Microsoft has released patches for these vulnerabilities. For a complete list of patches, visit http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx.

Vulnerability Details
Several vulnerabilities were detected in Microsoft Office:

CVE-2005-4131: When Excel opens a specially crafted Excel file using a malformed range, it may corrupt system memory, potentially allowing an attacker to execute arbitrary code.

CVE-2006-0028: When Excel opens a specially crafted Excel file using a malformed parsing format file, it may corrupt system memory, potentially allowing an attacker to execute arbitrary code.

CVE-2006-0029: When Excel opens a specially crafted Excel file using a malformed description, it may corrupt system memory, potentially allowing an attacker to execute arbitrary code.

CVE-2006-0030: When Excel opens a specially crafted Excel file using a malformed graphic, it may corrupt system memory, potentially allowing an attacker to execute arbitrary code.

CVE-2006-0031: When Excel opens a specially crafted Excel file using a malformed record, it may corrupt system memory, potentially allowing an attacker to execute arbitrary code.

CVE-2006-0009: When Office opens a crafted routing slip within an Office document, it may corrupt system memory, potentially allowing an attacker to execute arbitrary code.

Protection Overview
