Four Remote Code Execution Vulnerabilities Discovered in Microsoft Excel
(Microsoft Security Bulletin MS12-076)
Summary
Four vulnerabilities have been found in Microsoft Excel: three are ranked Critical in severity and one is ranked High. A remote attacker could exploit any of these issues to take complete control of a targeted system. The Check Point IPS Software Blade provides protection against all of these issues in the latest IPS release.
Details
Remote code execution vulnerabilities exist in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploits any of these vulnerabilities could take complete control of a targeted system. The attacker could then install programs; view, change, or delete data; and/or create new accounts with full user rights.
Affected Products
Please consult the Check Point Protection links in the table below to determine which versions of Excel are affected by each issue.
Solution
The Check Point IPS Software Blade provides immediate network protection against all of these issues in the latest IPS update by detecting and blocking the transfer of malformed Excel files. The following table lists each vulnerability with its severity, the associated CVE reference, and the Check Point Protection.
| Microsoft Excel Vulnerability | Severity | Industry Reference | Check Point Protection |
|---|---|---|---|
| SerAuxErrBar Heap Overflow | Critical | CVE-2012-1885 | CPAI-2012-402 |
| Malformed File Memory Corruption | Critical | CVE-2012-1886 | CPAI-2012-790 |
| SST Invalid Length Use After Free | Critical | CVE-2012-1887 | CPAI-2012-802 |
| Modified Data Structure Stack Overflow | High | CVE-2012-2543 | CPAI-2012-795 |
Originally Published:
Last Updated: 14-Nov-2012