Microsoft Security Bulletins for
= Check Point has provided a protection to this bulletin
Microsoft Security Bulletin MS08-017:
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
Severity: Critical
CVE-2007-1201: Office Web Components DataSource Vulnerability â
A remote code execution vulnerability exists in the way Microsoft Office Web Components manages memory resources. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Check Point Response
- Update Protection against Microsoft Office Web Components Remote Code Execution Vulnerability (MS08-017) Release Date:
CVE-2006-4695: Office Web Components URL Parsing Vulnerability
A remote code execution vulnerability exists in the way Microsoft Office Web Components manages memory resources when parsing specially crafted URLs. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Check Point Response
- Update Protection against Microsoft Office Web Components Remote Code Execution Vulnerability (MS08-017) Release Date:
Microsoft Security Bulletin MS08-016:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
Severity: Critical
CVE-2008-0118: Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Microsoft Office processes malformed Office files. An attacker could exploit the vulnerability by creating a malformed Office file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
- Check Point Response
- Update Protection against Microsoft Office PowerPoint Memory Corruption Vulnerability (MS08-016) Release Date:
CVE-2008-0113: Microsoft Office Cell Parsing Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Microsoft Office handles specially crafted Excel files. An attacker could exploit the vulnerability by creating a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
- Check Point Response
- Update Protection against Microsoft Office Cell Parsing Memory Corruption Vulnerability (MS08-016) Release Date:
Microsoft Security Bulletin MS08-015:
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Severity: Critical
CVE-2008-0110: Outlook URI Vulnerability â
A remote code execution exists in Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Check Point Response
- Update Protection against Microsoft Outlook Crafted URI Remote Code Execution Vulnerability (MS08-015) Release Date:
Microsoft Security Bulletin MS08-014:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
Severity: Critical
CVE-2008-0115: Excel Formula Parsing Vulnerability â
A remote code execution vulnerability exists in the way Excel handles malformed formulas. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
- Check Point Response
- Update Protection against Microsoft Excel Formula Parsing Vulnerability (MS08-014) Release Date:
CVE-2008-0117: Excel Conditional Formatting Vulnerability â
A remote code execution vulnerability exists in the way Excel handles conditional formatting values. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
- Check Point Response
- Update Protection against Microsoft Excel Conditional Formatting Vulnerability (MS08-014) Release Date:
CVE-2008-0111: Excel Data Validation Record Vulnerability â
A remote code execution vulnerability exists in the way Excel processes data validation records when loading Excel files into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
- Check Point Response
- Update Protection against Microsoft Excel Data Validation Record Vulnerability (MS08-014) Release Date:
CVE-2008-0112: Excel File Import Vulnerability â
A remote code execution vulnerability exists in the way Excel handles data when importing files into Excel. An attacker could exploit the vulnerability by sending a malformed .slk file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment, and which could then be imported into Excel.
- Check Point Response
- Workaround for Multiple Microsoft Symbolic Link Files Vulnerabilities (MS08-014) Release Date:
CVE-2008-0116: Excel Rich Text Validation Vulnerability â
A remote code execution vulnerability exists in the way Excel handles rich text values when loading application data into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
- Check Point Response
- Update Protection against Microsoft Excel Rich Text Validation Vulnerability (MS08-014) Release Date:
CVE-2008-0114: Excel Style Record Vulnerability â
A remote code execution vulnerability exists in the way Excel handles Style record data when opening Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
- Check Point Response
- Update Protection against Microsoft Excel Style Record Vulnerability (MS08-014) Release Date:
CVE-2008-0081: Macro Validation Vulnerability â
A remote code execution vulnerability exists in the way Excel handles macros when opening specially crafted Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
- Check Point Response
- Update Protection against Microsoft Excel File Handling Code Execution Vulnerability (MS 947563) Release Date:
CVE-2008-0081: Macro Validation Vulnerability â
A remote code execution vulnerability exists in the way Excel handles macros when opening specially crafted Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
- Check Point Response
- Preemptive Protection against Microsoft Excel Macro Validation Remote Code Execution Vulnerability (MS08-014) Release Date: