Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Excel vulnerabilities could allow remote code execution


Report ID: MS201211006
Date Published: 14 November 2012

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office 2008 for Mac
Microsoft Office for Mac 2011
Microsoft Excel Viewer
Microsoft Office Compatibility Pack




Summary

Four reported vulnerabilities in Microsoft Excel could each be exploited by an attacker to execute code and take control of an affected system.



Detailed Description

Microsoft has released a security update to address multiple vulnerabilities in Microsoft Excel. Four vulnerabilities in total were reported, each of which could be exploited into allowing an attacker to execute code on the affected system. The vulnerabilities were caused by improper memory handling when opening Excel files, or a system memory corruption that resulted when encountering a modified data structure.

All of the vulnerabilities have been resolved through the latest update, which introduces necessary changes and modifications. Users are recommended to install the update onto their system as a protection measure against potential exploit attempts.



CVE Reference

CVE-2012-1885, CVE-2012-1886, CVE-2012-1887, CVE-2012-2543



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-076)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.