9.3 - MS08-014

Executive Summary

Summary
Title	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Informations
Name	MS08-014	First vendor Publication	2008-03-11
Vendor	Microsoft	Last vendor Modification	2008-10-01
Severity (Vendor)	Critical	Revision	3.3

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V3.3 (October 1, 2008): Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to explain what components of the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats are updated by this bulletin. This is an informational change only. There were no changes to the security update binaries. Summary: This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-26	Leveraging Race Conditions
CAPEC-29	Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-172	Time and State Attacks

CWE : Common Weakness Enumeration

%	Id	Name
83 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
17 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5114

Oval ID:	oval:org.mitre.oval:def:5114
Title:	Excel Data Validation Record Vulnerability
Description:	Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0111	Version:	9
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer 2003
Definition Synopsis:
Excel 2000 Microsoft Excel 2000 is installed AND the version of excel.exe is less than 9.0.0.8968 OR Excel 2002 Microsoft Excel 2002 is installed AND the version of excel.exe is less than 10.0.6841.0 OR Excel 2003 Microsoft Excel 2003 is installed AND the version of excel.exe is less than 11.0.8211.0 OR Excel Viewer Microsoft Excel Viewer 2003 is installed AND Check if the version of xlview.exe is less than 11.0.8202.0 OR Excel 2007 Microsoft Excel 2007 is installed AND the version of excel.exe is less than 12.0.6300.5000 OR Office Compatibility Pack 2007 Microsoft Office Compatibility Pack is installed AND the version of excelcnv.exe is less than 12.0.6300.5000

Definition Id: oval:org.mitre.oval:def:5212

Oval ID:	oval:org.mitre.oval:def:5212
Title:	Excel Rich Text Validation Vulnerability
Description:	Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0116	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer 2003
Definition Synopsis:
Excel 2000 Microsoft Excel 2000 is installed AND the version of excel.exe is less than 9.0.0.8968 OR Excel 2002 Microsoft Excel 2002 is installed AND the version of excel.exe is less than 10.0.6841.0 OR Excel 2003 Microsoft Excel 2003 is installed AND the version of excel.exe is less than 11.0.8211.0 OR Excel Viewer Microsoft Excel Viewer 2003 is installed AND Check if the version of xlview.exe is less than 11.0.8202.0 OR Office Compatibility Pack 2007 Microsoft Office Compatibility Pack is installed AND the version of excelcnv.exe is less than 12.0.6300.5000

Definition Id: oval:org.mitre.oval:def:5284

Oval ID:	oval:org.mitre.oval:def:5284
Title:	Excel File Import Vulnerability
Description:	Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0112	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Excel 2000
Definition Synopsis:
Excel 2000 Microsoft Excel 2000 is installed AND the version of excel.exe is less than 9.0.0.8968

Definition Id: oval:org.mitre.oval:def:5456

Oval ID:	oval:org.mitre.oval:def:5456
Title:	Excel Style Record Vulnerability
Description:	Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0114	Version:	9
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer 2003
Definition Synopsis:
Excel 2000 Microsoft Excel 2000 is installed AND the version of excel.exe is less than 9.0.0.8968 OR Excel 2002 Microsoft Excel 2002 is installed AND the version of excel.exe is less than 10.0.6841.0 OR Excel 2003 Microsoft Excel 2003 is installed AND the version of excel.exe is less than 11.0.8211.0 OR Excel Viewer Microsoft Excel Viewer 2003 is installed AND Check if the version of xlview.exe is less than 11.0.8202.0

Definition Id: oval:org.mitre.oval:def:5508

Oval ID:	oval:org.mitre.oval:def:5508
Title:	Excel Conditional Formatting Vulnerability
Description:	Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0117	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Excel 2000 Microsoft Excel 2002
Definition Synopsis:
Excel 2000 Microsoft Excel 2000 is installed AND the version of excel.exe is less than 9.0.0.8968 OR Excel 2002 Microsoft Excel 2002 is installed AND the version of excel.exe is less than 10.0.6841.0

Definition Id: oval:org.mitre.oval:def:5512

Oval ID:	oval:org.mitre.oval:def:5512
Title:	Excel Formula Parsing Vulnerability
Description:	Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0115	Version:	9
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer 2003
Definition Synopsis:
Excel 2000 Microsoft Excel 2000 is installed AND the version of excel.exe is less than 9.0.0.8968 OR Excel 2002 Microsoft Excel 2002 is installed AND the version of excel.exe is less than 10.0.6841.0 OR Excel 2003 Microsoft Excel 2003 is installed AND the version of excel.exe is less than 11.0.8211.0 OR Excel Viewer Microsoft Excel Viewer 2003 is installed AND Check if the version of xlview.exe is less than 11.0.8202.0 OR Excel 2007 Microsoft Excel 2007 is installed AND the version of excel.exe is less than 12.0.6300.5000 OR Office Compatibility Pack 2007 Microsoft Office Compatibility Pack is installed AND the version of excelcnv.exe is less than 12.0.6300.5000

Definition Id: oval:org.mitre.oval:def:5546

Oval ID:	oval:org.mitre.oval:def:5546
Title:	Macro Validation Vulnerability
Description:	Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0081	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer 2003
Definition Synopsis:
Excel 2000 Microsoft Excel 2000 is installed AND the version of excel.exe is less than 9.0.0.8968 OR Excel 2002 Microsoft Excel 2002 is installed AND the version of excel.exe is less than 10.0.6841.0 OR Excel 2003 Microsoft Excel 2003 is installed AND the version of excel.exe is less than 11.0.8211.0 OR Excel Viewer Microsoft Excel Viewer 2003 is installed AND Check if the version of xlview.exe is less than 11.0.8202.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Compatibility Pack Word Excel Powerpoint 2007 cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint_2007::::::::	1
Application	Microsoft Excel cpe:2.3:a:microsoft:excel:2007:::::::* cpe:2.3:a:microsoft:excel:2003:sp2:::::: cpe:2.3:a:microsoft:excel:2002:sp3:::::: cpe:2.3:a:microsoft:excel:2000:sp3::::::	4
Application	Microsoft Excel Viewer cpe:2.3:a:microsoft:excel_viewer:2003:::::::*	1
Application	Microsoft Office cpe:2.3:a:microsoft:office:2008::mac::::: cpe:2.3:a:microsoft:office:2007:::::::* cpe:2.3:a:microsoft:office:2004::mac::::: cpe:2.3:a:microsoft:office:2004:::::macos:: cpe:2.3:a:microsoft:office:2003:sp2:::::: cpe:2.3:a:microsoft:office:2000:sp3:::::: cpe:2.3:a:microsoft:office:xp:sp3::::::	7
Application	Microsoft Office Compatibility Pack For Word Excel Ppt 2007 cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::::::::	1

SAINT Exploits

Description	Link
Microsoft Excel conditional formatting vulnerability	More info here
Microsoft Excel rtAFDesc record invalid pointer access	More info here

ExploitDB Exploits

id	Description
2008-03-21	Microsoft Office Excel Code Execution Exploit (MS08-014)

Open Source Vulnerability Database (OSVDB)

Id	Description
42732	Microsoft Excel Macro Validation Unspecified Code Execution Excel contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Excel fails to validate specially-crafted macros. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
42731	Microsoft Excel Conditional Formatting Value Unspecified Code Execution
42730	Microsoft Excel BIFF File Format Rich Text Tag Malformed Tag Memory Corruption A buffer overflow exists in Excel. The program fails to validate BIFF files resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
42725	Microsoft Excel XLS Malformed Formula Memory Corruption
42724	Microsoft Excel Style Record Handling Memory Corruption
42723	Microsoft Excel SLK File Import Unspecified Arbitrary Code Execution A code execution flaw exists in Excel. The Import function fails to validate SLK files resulting in code execution via an unspecified vector. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
42722	Microsoft Excel BIFF8 Spreadsheet DVAL Record Handling Arbitrary Code Execution
40344	Microsoft Excel Malformed Header File Handling Remote Code Execution An unspecified memory corruption flaw exists in Excel. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-11-19	Microsoft Office Excel style record overflow attempt RuleID : 32206 - Revision : 2 - Type : FILE-OFFICE
2014-01-10	Microsoft SYmbolic LinK file magic detected RuleID : 23701 - Revision : 12 - Type : FILE-IDENTIFY
2014-01-10	Microsoft Office Excel macro validation arbitrary code execution attempt RuleID : 23459 - Revision : 3 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel macro validation arbitrary code execution attempt RuleID : 23458 - Revision : 3 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel macro validation arbitrary code execution attempt RuleID : 23457 - Revision : 3 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel style record overflow attempt RuleID : 22052 - Revision : 8 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel macro validation arbitrary code execution attempt RuleID : 21158 - Revision : 6 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel macro validation arbitrary code execution attempt RuleID : 21157 - Revision : 6 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel macro validation arbitrary code execution attempt RuleID : 21156 - Revision : 6 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel File Importing Code Execution RuleID : 20062 - Revision : 13 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel malformed formula parsing code execution attempt RuleID : 17655 - Revision : 15 - Type : FILE-OFFICE
2014-01-10	Microsoft SYmbolic LinK file magic detected RuleID : 13585 - Revision : 21 - Type : FILE-IDENTIFY
2014-01-10	CSV file download request RuleID : 13584 - Revision : 21 - Type : FILE-IDENTIFY
2014-01-10	Microsoft SYmbolic LinK file download request RuleID : 13583 - Revision : 24 - Type : FILE-IDENTIFY
2014-01-10	Microsoft Excel sst record arbitrary code execution attempt RuleID : 13582 - Revision : 15 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel dval record arbitrary code execution attempt RuleID : 13571 - Revision : 24 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel cf record arbitrary code excecution attempt RuleID : 13570 - Revision : 21 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel macro validation arbitrary code execution attempt RuleID : 13569 - Revision : 15 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date	Description
2010-10-20	Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_mar2008.nasl - Type : ACT_GATHER_INFO
2008-03-11	Name : Arbitrary code can be executed on the remote host through Microsoft Excel. File : smb_nt_ms08-014.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-11-19 21:23:19	Multiple Updates
2014-02-17 11:45:54	Multiple Updates
2014-01-19 21:30:10	Multiple Updates
2013-05-11 00:49:18	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	3
CWE ID(s)	8
Oval ID(s)	7
CPE ID(s)	14
Saint Exploit(s)	2
osvdb(s)	8
ExploitDB Exploit(s)	1
Snort® Rule(s)	18
Nessus® Exploit(s)	2

	Related
9.8	CVE-2008-0081
9.3	MS08-043
9.3	MS08-026
9.3	MS08-013
9.3	MS07-044
9.3	KB947563
9.3	CVE-2008-0117
9.3	CVE-2008-0116
9.3	CVE-2008-0115
9.3	CVE-2008-0114
9.3	CVE-2008-0112
9.3	CVE-2008-0111
0	HPSBST02320 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 13 more Alert(s)