Microsoft Excel vulnerabilities could allow remote code execution
Report ID: MS201211006
Date Published: 14 November 2012
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office 2008 for Mac
Microsoft Office for Mac 2011
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Summary
Four reported vulnerabilities in Microsoft Excel could each be exploited by an attacker to execute code and take control of an affected system.
Detailed Description
Microsoft has released a security update to address multiple vulnerabilities in Microsoft Excel. Four vulnerabilities in total were reported, each of which could be exploited into allowing an attacker to execute code on the affected system. The vulnerabilities were caused by improper memory handling when opening Excel files, or a system memory corruption that resulted when encountering a modified data structure.
All of the vulnerabilities have been resolved through the latest update, which introduces necessary changes and modifications. Users are recommended to install the update onto their system as a protection measure against potential exploit attempts.
CVE Reference
CVE-2012-1885, CVE-2012-1886, CVE-2012-1887, CVE-2012-2543
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-076)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
