Multiple Remote Code Execution Vulnerabilities in MS Excel Disclosed
( Microsoft Security Bulletin MS11-072 )
Summary
Five vulnerabilities have been identified in the way that Microsoft Excel parses files. Check Point's IPS Software Blade and NGX SmartDefense provide network protection against these issues.
Details
By enticing a user to open a maliciously crafted Excel file, an attacker could take complete control of the targeted system, allowing him to install programs, create new accounts, and view, change or delete data on it.
Affected Products
Please consult the Check Point Protection bulletins linked below in the Solution section for specifics about which products are affected by each vulnerability.
Solution
Check Point recommends that the updates described in MS11-072 be deployed as soon as is practical. In the meantime, Check Point's IPS Software Blade and NGX SmartDefense protect networks from these issues by detecting and blocking transferal of malicious Excel files via HTTP. The following table lists each vulnerability with its severity as well as the associated CVE reference and Check Point Protection.
| Microsoft Excel Vulnerability | Severity | Industry Reference | Check Point Protection |
|---|---|---|---|
| Use after Free WriteAV | High | CVE-2011-1986 | CPAI-2011-408 |
| Out of Bounds Array Indexing (1) | High | CVE-2011-1987 | CPAI-2011-405 |
| Heap Corruption | High | CVE-2011-1988 | CPAI-2011-412 |
| Conditional Expression Parsing | High | CVE-2011-1989 | CPAI-2011-406 |
| Out of Bounds Array Indexing (2) | Critical | CVE-2011-1990 | CPAI-2011-411 |
Originally Published:
Last Updated: 13-Sep-2011