F-Secure
Tools
Microsoft Excel Invalid Object Reference Vulnerability
| Report ID: | SA200900904 |
| Source: | Secunia |
| Date of Discovery: | 24.02.2009 |
| Criticality: | Critical |
| Affects: | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Office 2000 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2004 for Mac Microsoft Office 2007 Microsoft Office 2008 for Mac Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2007 Microsoft Office XP |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
A vulnerability has been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.
Detailed Description
A vulnerability has been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error that may cause an invalid object to be referenced when opening an Excel document.
Successful exploitation allows execution of arbitrary code.
NOTE: According to Microsoft, the vulnerability is currently being actively exploited.
The vulnerability is caused due to an error that may cause an invalid object to be referenced when opening an Excel document.
Successful exploitation allows execution of arbitrary code.
NOTE: According to Microsoft, the vulnerability is currently being actively exploited.
Solution
The vendor recommends using MOICE (Microsoft Office Isolated Conversion Environment) for opening untrusted Office documents and/or using Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents.
Original Reference
-
CVE Reference
CVE-2009-0238