10 - TA09-314A

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Microsoft Updates for Multiple Vulnerabilities

Informations
Name	TA09-314A	First vendor Publication	2009-11-10
Vendor	US-CERT	Last vendor Modification	2009-11-10
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server and Office Word and Excel.

I. Description

Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows and Windows Server and Office Word and Excel. These bulletins are described in the Microsoft Security Bulletin Summary for November 2009.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2009. The security bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA09-314A.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-2	Inducing Account Lockout
CAPEC-82	Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147	XML Ping of Death
CAPEC-228	Resource Depletion through DTD Injection in a SOAP Message

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
12 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)
12 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
12 %	CWE-20	Improper Input Validation
6 %	CWE-399	Resource Management Errors
6 %	CWE-125	Out-of-bounds Read

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5588

Oval ID:	oval:org.mitre.oval:def:5588
Title:	Win32k NULL Pointer Dereferencing Vulnerability
Description:	win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1127	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):
Definition Synopsis:
Vulnerable Microsoft Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of win32k.sys is less than 5.0.2195.7322 OR Vulnerable Microsoft Windows XP (x86) SP2 Microsoft Windows XP (x86) SP2 is installed AND the version of win32k.sys is less than 5.1.2600.3614 OR Vulnerable Microsoft Windows XP (x86) SP3 Microsoft Windows XP (x86) SP3 is installed AND the version of win32k.sys is less than 5.1.2600.5863 OR Vulnerable Microsoft Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 IF Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of win32k.sys is less than 5.2.3790.4571 OR Vulnerable Windows Vista x86/x64 IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR or LDR Service branch the version of win32k.sys is less than 6.0.6000.16908 OR LDR the version of win32k.sys is less than 6.0.6000.21108 AND the version of win32k.sys is greater than 6.0.6000.20000 OR Vulnerable Windows Vista x86/x64 SP1, all Server 2008 x86/x64/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND GDR or LDR Service branch the version of win32k.sys is less than 6.0.6001.18311 OR LDR the version of win32k.sys is less than 6.0.6001.22497 AND the version of win32k.sys is greater than 6.0.6001.22000 OR Vulnerable Windows Vista x86/x64 SP2, Server 2008 x86/64/ia64 SP2 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND GDR or LDR Service branch the version of win32k.sys is less than 6.0.6002.18091 OR LDR the version of win32k.sys is less than 6.0.6002.22200 AND the version of win32k.sys is greater than 6.0.6002.22000

Definition Id: oval:org.mitre.oval:def:5878

Oval ID:	oval:org.mitre.oval:def:5878
Title:	Excel Field Sanitization Vulnerability
Description:	Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3134	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack
Definition Synopsis:
IF Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0 OR Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8316.0 OR Microsoft Excel 2007 is installed AND Excel.exe version is less than 12.0.6514.5000 OR Microsoft Excel Viewer 2003 is installed AND Xlview.exe version is less than 11.0.8313.0 OR Microsoft Excel Viewer 2007 is installed AND Xlview.exe version is less than 12.0.6514.5000 OR IF Microsoft Office Compatibility Pack is installed AND Microsoft Excel 2007 is installed AND Excelcnv.exe version is less than 12.0.6514.5000

Definition Id: oval:org.mitre.oval:def:5890

Oval ID:	oval:org.mitre.oval:def:5890
Title:	LSASS Recursive Stack Overflow Vulnerability
Description:	Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1928	Version:	9
Platform(s):	Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008	Product(s):
Definition Synopsis:
Check for Windows 2000 and Vulnerable file Microsoft Windows 2000 SP4 or later is installed AND NTDS Service is installed AND Ntdsa.dll version is less than 5.0.2195.7313 AND the system is being used as AD - DomainRole is 4 or 5 OR Check for Vulnerable OS and file Check for Windows 2003 (x86/x64) Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Active Directory or ADAM Check for Vulnerable file NTDS Service is installed AND the system is being used as AD - DomainRole is 4 or 5 AND ntdsa.dll version is less than 5.2.3790.4568 OR Vulnerable ADAM Check if ADAM service is installed AND adamdsa.dll version is less than 1.1.3790.4569 OR Check for Windows 2003 (ia64) and Vulnerable file Microsoft Windows Server 2003 (ia64) SP2 is installed AND NTDS Service is installed AND the system is being used as AD - DomainRole is 4 or 5 AND ntdsa.dll version is less than 5.2.3790.4568 OR Check for Vulnerable OS and file Check for Windows XP (x86/x64) Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND Check if ADAM service is installed AND adamdsa.dll version is less than 1.1.3790.4569 OR Check for Vulnerable OS and file Check for Windows 2008 (x86/x64) Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Check for Domain Role and vulnerable file the system is being used as AD - DomainRole is 4 or 5 AND Check for file GDR or LDR ntdsai.dll version is less than 6.0.6001.18281 OR Check for LDR ntdsai.dll version is less than 6.0.6001.22461 AND ntdsai.dll is greater than or equal 6.0.6001.22000 OR Check for Vulnerable OS and file Check for Windows 2008 (x86/x64) SP2 Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Check for Domain Role and vulnerable file the system is being used as AD - DomainRole is 4 or 5 AND Check for file GDR or LDR ntdsai.dll version is less than 6.0.6002.18058 OR Check for LDR ntdsai.dll version is less than 6.0.6002.22162 AND ntdsai.dll is greater than or equal 6.0.6002.22000

Definition Id: oval:org.mitre.oval:def:6079

Oval ID:	oval:org.mitre.oval:def:6079
Title:	Web Services on Devices API Memory Corruption Vulnerability
Description:	The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2512	Version:	1
Platform(s):	Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	SMBv2
Definition Synopsis:
Windows Vista x86/x64 IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of wsdapi.dll is greater than or equal 6.0.6000.16000 AND the version of wsdapi.dll is less than 6.0.6000.16903 OR Windows Vista x86/x64 IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of wsdapi.dll is greater than or equal 6.0.6000.20000 AND the version of wsdapi.dll is less than 6.0.6000.21103 OR Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 x64 Edition is installed AND Microsoft Windows Server 2008 Itanium-Based Edition is installed AND the version of wsdapi.dll is greater than or equal 6.0.6001.18000 AND the version of wsdapi.dll is less than 6.0.6001.18306 OR Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 x64 Edition is installed AND Microsoft Windows Server 2008 Itanium-Based Edition is installed AND the version of wsdapi.dll is greater than or equal 6.0.6001.22000 AND the version of wsdapi.dll is less than 6.0.6001.22491 OR Windows Vista x86/x64 SP2, Windows Server 2008 x86/x64/ia64 SP2 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of wsdapi.dll is greater than or equal 6.0.6002.18000 AND the version of wsdapi.dll is less than 6.0.6002.18085 OR Windows Vista x86/x64 SP2, Windows Server 2008 x86/x64/ia64 SP2 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of wsdapi.dll is greater than or equal 6.0.6002.22000 AND the version of wsdapi.dll is less than 6.0.6002.22194

Definition Id: oval:org.mitre.oval:def:6137

Oval ID:	oval:org.mitre.oval:def:6137
Title:	Excel Document Parsing Heap Overflow Vulnerability
Description:	Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3130	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Excel 2002
Definition Synopsis:
Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0

Definition Id: oval:org.mitre.oval:def:6146

Oval ID:	oval:org.mitre.oval:def:6146
Title:	Excel Cache Memory Corruption Vulnerability
Description:	Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3127	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Office Excel Viewer 2003
Definition Synopsis:
IF Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0 OR Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8316.0 OR Microsoft Excel Viewer 2003 is installed AND Xlview.exe version is less than 11.0.8313.0

Definition Id: oval:org.mitre.oval:def:6265

Oval ID:	oval:org.mitre.oval:def:6265
Title:	Excel Document Parsing Memory Corruption Vulnerability
Description:	Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3133	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Excel 2002
Definition Synopsis:
Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0

Definition Id: oval:org.mitre.oval:def:6277

Oval ID:	oval:org.mitre.oval:def:6277
Title:	Win32k Insufficient Data Validation Vulnerability
Description:	The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2513	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):
Definition Synopsis:
Vulnerable on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of win32k.sys is less than 5.0.2195.7322 OR Vulnerable Windows XP x86 SP2 Microsoft Windows XP (x86) SP2 is installed AND the version of win32k.sys is less than 5.1.2600.3614 OR Vulnerable Windows XP x86 SP3 Microsoft Windows XP (x86) SP3 is installed AND the version of win32k.sys is less than 5.1.2600.5863 OR Vulnerable Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 IF Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of win32k.sys is less than 5.2.3790.4571 OR Vulnerable Windows Vista x86/x64 IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR or LDR Service branch the version of win32k.sys is less than 6.0.6000.16908 OR LDR the version of win32k.sys is less than 6.0.6000.21108 AND the version of win32k.sys is greater than 6.0.6000.20000 OR Vulnerable Windows Vista x86/x64 SP1, all Server 2008 x86/x64/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND GDR or LDR Service branch the version of win32k.sys is less than 6.0.6001.18311 OR LDR the version of win32k.sys is less than 6.0.6001.22497 AND the version of win32k.sys is greater than 6.0.6001.22000 OR Vulnerable Windows Vista x86/x64 SP2, Server 2008 x86/64/ia64 SP2 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND GDR or LDR Service branch the version of win32k.sys is less than 6.0.6002.18091 OR LDR the version of win32k.sys is less than 6.0.6002.22200 AND the version of win32k.sys is greater than 6.0.6002.22000

Definition Id: oval:org.mitre.oval:def:6300

Oval ID:	oval:org.mitre.oval:def:6300
Title:	License Logging Server Heap Overflow Vulnerability
Description:	The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2523	Version:	1
Platform(s):	Microsoft Windows 2000	Product(s):	SMBv2
Definition Synopsis:
Microsoft Windows 2000 SP4 or later is installed AND The version of Llssrv.exe is less than 5.0.2195.7337

Definition Id: oval:org.mitre.oval:def:6406

Oval ID:	oval:org.mitre.oval:def:6406
Title:	Win32k EOT Parsing Vulnerability
Description:	win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2514	Version:	1
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
IF Microsoft Windows 2000 SP4 or later is installed AND the version of win32k.sys is less than 5.0.2195.7322 OR Microsoft Windows XP (x86) SP2 is installed AND the version of win32k.sys is less than 5.1.2600.3614 OR Microsoft Windows XP (x86) SP3 is installed AND the version of win32k.sys is less than 5.1.2600.5863 OR IF Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of win32k.sys is less than 5.2.3790.4571

Definition Id: oval:org.mitre.oval:def:6474

Oval ID:	oval:org.mitre.oval:def:6474
Title:	Excel SxView Memory Corruption Vulnerability
Description:	Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3128	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Office Excel Viewer 2003
Definition Synopsis:
IF Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0 OR Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8316.0 OR Microsoft Excel Viewer 2003 is installed AND Xlview.exe version is less than 11.0.8313.0

Definition Id: oval:org.mitre.oval:def:6518

Oval ID:	oval:org.mitre.oval:def:6518
Title:	Excel Formula Parsing Memory Corruption Vulnerability
Description:	Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3131	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack
Definition Synopsis:
IF Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0 OR Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8316.0 OR Microsoft Excel 2007 is installed AND Excel.exe version is less than 12.0.6514.5000 OR Microsoft Excel Viewer 2003 is installed AND Xlview.exe version is less than 11.0.8313.0 OR Microsoft Excel Viewer 2007 is installed AND Xlview.exe version is less than 12.0.6514.5000 OR Microsoft Office Compatibility Pack is installed AND Excelcnv.exe version is less than 12.0.6514.5000

Definition Id: oval:org.mitre.oval:def:6521

Oval ID:	oval:org.mitre.oval:def:6521
Title:	Excel Featheader Record Memory Corruption Vulnerability
Description:	Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3129	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack
Definition Synopsis:
IF Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0 OR Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8316.0 OR Microsoft Excel 2007 is installed AND Excel.exe version is less than 12.0.6514.5000 OR Microsoft Excel Viewer 2003 is installed AND Xlview.exe version is less than 11.0.8313.0 OR Microsoft Excel Viewer 2007 is installed AND Xlview.exe version is less than 12.0.6514.5000 OR IF Microsoft Office Compatibility Pack is installed AND Microsoft Excel 2007 is installed AND Excelcnv.exe version is less than 12.0.6514.5000

Definition Id: oval:org.mitre.oval:def:6526

Oval ID:	oval:org.mitre.oval:def:6526
Title:	Excel Index Parsing Vulnerability
Description:	Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3132	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack
Definition Synopsis:
IF Microsoft Excel 2002 is installed AND Excel.exe version is less than 10.0.6856.0 OR Microsoft Excel 2003 is installed AND Excel.exe version is less than 11.0.8316.0 OR Microsoft Excel 2007 is installed AND Excel.exe version is less than 12.0.6514.5000 OR Microsoft Excel Viewer 2003 is installed AND Xlview.exe version is less than 11.0.8313.0 OR Microsoft Excel Viewer 2007 is installed AND Xlview.exe version is less than 12.0.6514.5000 OR IF Microsoft Office Compatibility Pack is installed AND Microsoft Excel 2007 is installed AND Excelcnv.exe version is less than 12.0.6514.5000

Definition Id: oval:org.mitre.oval:def:6555

Oval ID:	oval:org.mitre.oval:def:6555
Title:	Microsoft Office Word File Information Memory Corruption Vulnerability
Description:	Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3135	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Microsoft Word 2002 Microsoft Word 2003 Microsoft Office Word Viewer 2003
Definition Synopsis:
Word 2002 Microsoft Word 2002 is installed AND the version of Winword.exe is less than 10.0.6856.0 OR Word 2003 Microsoft Word 2003 is installed AND the version of Winword.exe is less than 11.0.8313.0 OR Word Viewer 2003 Microsoft Word Viewer is installed AND the version of Wordview.exe is less than 11.0.8313.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Compatibility Pack Word Excel Powerpoint cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1:::::: cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp2::::::	2
Application	Microsoft Excel cpe:2.3:a:microsoft:excel:2007:sp2:::::: cpe:2.3:a:microsoft:excel:2007:sp1:::::: cpe:2.3:a:microsoft:excel:2003:sp3:::::: cpe:2.3:a:microsoft:excel:2002:sp3::::::	4
Application	Microsoft Excel Viewer cpe:2.3:a:microsoft:excel_viewer:2003:sp3:::::: cpe:2.3:a:microsoft:excel_viewer::sp2::::::* cpe:2.3:a:microsoft:excel_viewer::sp1::::::* cpe:2.3:a:microsoft:excel_viewer:-:sp2:::::: cpe:2.3:a:microsoft:excel_viewer:-:sp1::::::	5
Application	Microsoft Office cpe:2.3:a:microsoft:office:2008::mac::::: cpe:2.3:a:microsoft:office:2008:::::macos:: cpe:2.3:a:microsoft:office:2004::mac::::: cpe:2.3:a:microsoft:office:2004:::::macos::	4
Application	Microsoft Office Word cpe:2.3:a:microsoft:office_word:2003:sp3:::::: cpe:2.3:a:microsoft:office_word:2002:sp3::::::	2
Application	Microsoft Office Word Viewer cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:::::: cpe:2.3:a:microsoft:office_word_viewer::::::::	2
Application	Microsoft Open Xml File Format Converter cpe:2.3:a:microsoft:open_xml_file_format_converter::::::macos::* cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*	2
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::sp4::::::*	1
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium::::: cpe:2.3:o:microsoft:windows_2003_server::sp2:x64::::: cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*	3
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:::x64:::::* cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium::::: cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::* cpe:2.3:o:microsoft:windows_server_2008::sp2:x64::::: cpe:2.3:o:microsoft:windows_server_2008::sp2:x32::::: cpe:2.3:o:microsoft:windows_server_2008:::x32:::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::* cpe:2.3:o:microsoft:windows_server_2008:-:gold:itanium:::::*	8
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista:::x64:::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::* cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista:::::::: cpe:2.3:o:microsoft:windows_vista:-:sp1:::::: cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	6
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp2::::::* cpe:2.3:o:microsoft:windows_xp::sp3::::::* cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	3

ExploitDB Exploits

id	Description
2010-08-21	MS Excel Malformed FEATHEADER Record Exploit (MS09-067)

OpenVAS Exploits

Date	Description
2010-11-25	Name : Microsoft Web Services on Devices API Remote Code Execution Vulnerability (97... File : nvt/gb_ms09-063.nasl
2009-11-12	Name : Microsoft Windows Active Directory Denial of Service Vulnerability (973309) File : nvt/secpod_ms09-066.nasl
2009-11-11	Name : MS Windows License Logging Server Remote Code Execution Vulnerability (974783) File : nvt/secpod_ms09-064.nasl
2009-11-11	Name : Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947) File : nvt/secpod_ms09-065.nasl
2009-11-11	Name : Microsoft Office Excel Multiple Vulnerabilities (972652) File : nvt/secpod_ms09-067.nasl
2009-11-11	Name : Microsoft Office Word Remote Code Execution Vulnerability (976307) File : nvt/secpod_ms09-068.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
59869	Microsoft Windows Win32k Table of Directory Entry Building Font Code Parsing ...
59868	Microsoft Windows Win32k GDI Kernel Component Unspecified Local Privilege Esc...
59867	Microsoft Windows Win32k Unspecified Kernel System Call Local Privilege Escal...
59866	Microsoft Office Excel Document Record Parsing Memory Corruption
59865	Microsoft Windows Web Services on Devices API (WSDAPI) Message Header Handlin...
59864	Microsoft Office Excel Malformed Record Object Sanitization Failure Arbitrary...
59863	Microsoft Office Excel Formula Handling Pointer Corruption Arbitrary Code Exe...
59862	Microsoft Office Excel Cell Embeded Formula Parsing Memory Corruption
59861	Microsoft Office Excel BIFF Record Parsing Overflow
59860	Microsoft Office Excel BIFF File FEATHEADER cbHdrData Size Element Handling M... Excel contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered by a specially crafted Excel document that contains a malformed FEATHEADER object.
59859	Microsoft Office Excel SxView Record Handling Memory Corruption
59858	Microsoft Office Excel Malformed PivotCache Stream Handling Memory Corruption
59857	Microsoft Office Word Document Malformed File Information Block (FIB) Parsing...
59856	Microsoft Windows Active Directory Malformed LDAP Request Stack Exhaustion Re...
59855	Microsoft Windows License Logging Server (llssrv.exe) RPC LlsrLicenseRequestW...

Information Assurance Vulnerability Management (IAVM)

Date	Description
2009-11-12	IAVM : 2009-A-0120 - Microsoft Office Word Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0021933
2009-11-12	IAVM : 2009-A-0116 - Microsoft Windows License Logging Server Remote Heap Buffer Overflow Vulnerab... Severity : Category I - VMSKEY : V0021937
2009-11-12	IAVM : 2009-A-0115 - Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerabi... Severity : Category I - VMSKEY : V0021938

Snort® IPS/IDS

Date	Description
2014-01-10	DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt RuleID : 5485 - Revision : 15 - Type : OS-WINDOWS
2019-12-03	Microsoft Office Excel row record buffer overflow attempt RuleID : 52066 - Revision : 1 - Type : FILE-OFFICE
2019-12-03	Microsoft Office Excel row record buffer overflow attempt RuleID : 52065 - Revision : 1 - Type : FILE-OFFICE
2015-01-06	Web Service on Devices API WSDAPI URL processing buffer corruption attempt RuleID : 32673 - Revision : 2 - Type : SERVER-OTHER
2014-11-16	Microsoft Office Excel SXDB record memory corruption attempt RuleID : 31436 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Microsoft Office Excel SXDB record memory corruption attempt RuleID : 31435 - Revision : 2 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel SXDB memory corruption attempt RuleID : 26177 - Revision : 4 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel SXDB memory corruption attempt RuleID : 26176 - Revision : 6 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Word Document remote code execution attempt RuleID : 25631 - Revision : 4 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Word Document remote code execution attempt RuleID : 25630 - Revision : 3 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 24487 - Revision : 9 - Type : FILE-PDF
2014-01-10	Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 24486 - Revision : 8 - Type : FILE-PDF
2014-01-10	Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 24485 - Revision : 8 - Type : FILE-PDF
2014-01-10	Microsoft Office Excel file SxView record exploit attempt RuleID : 23543 - Revision : 4 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel integer field in row record improper validation remote... RuleID : 23542 - Revision : 4 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 23508 - Revision : 5 - Type : FILE-PDF
2014-01-10	Microsoft Office Excel SXDB memory corruption RuleID : 21503 - Revision : 10 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Word Document remote code execution attempt RuleID : 16586 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel ptg index parsing code execution attempt RuleID : 16553 - Revision : 11 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel FeatHdr BIFF record remote code execution attempt RuleID : 16241 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel file Window/Pane record exploit attempt RuleID : 16240 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt RuleID : 16239 - Revision : 9 - Type : OS-WINDOWS
2014-01-10	DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt RuleID : 16238 - Revision : 10 - Type : OS-WINDOWS
2014-01-10	Microsoft Active Directory NTDSA stack space exhaustion attempt RuleID : 16237 - Revision : 8 - Type : SERVER-OTHER
2014-01-10	Microsoft Office Excel file SxView record exploit attempt RuleID : 16236 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel file SXDB record exploit attempt RuleID : 16235 - Revision : 13 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Word Document remote code execution attempt RuleID : 16234 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow att... RuleID : 16233 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows EOT font parsing integer overflow attempt RuleID : 16232 - Revision : 9 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt RuleID : 16231 - Revision : 22 - Type : FILE-PDF
2014-01-10	Microsoft Excel oversized ib memory corruption attempt RuleID : 16230 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel oversized ib memory corruption attempt RuleID : 16229 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Excel malformed StartObject record arbitrary code execution ... RuleID : 16228 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	Web Service on Devices API WSDAPI URL processing buffer corruption attempt RuleID : 16227 - Revision : 9 - Type : SERVER-OTHER
2014-01-10	Microsoft Office Excel integer field in row record improper validation remote... RuleID : 16226 - Revision : 11 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date	Description
2010-10-20	Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_nov2009.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : Arbitrary code can be executed on the remote host. File : smb_kb974783.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : Arbitrary code can be executed on the remote host through the Web Services fo... File : smb_nt_ms09-063.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms09-064.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : The remote Windows kernel is affected by remote privilege escalation vulnerab... File : smb_nt_ms09-065.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : The installed version of Active Directory is affected by a denial of service ... File : smb_nt_ms09-066.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : Arbitrary code can be executed on the remote host through opening a Microsoft... File : smb_nt_ms09-067.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : Arbitrary code can be executed on the remote host through Microsoft Word. File : smb_nt_ms09-068.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
Capec ID(s)	4
CWE ID(s)	17
Oval ID(s)	15
CPE ID(s)	42
osvdb(s)	15
ExploitDB Exploit(s)	1
Openvas Exploit(s)	6
IAVM(s)	3
Snort® Rule(s)	35
Nessus® Exploit(s)	8

	Related
10	CVE-2009-2523
9.3	CVE-2009-3135
9.3	CVE-2009-3134
9.3	CVE-2009-3133
9.3	CVE-2009-3132
9.3	CVE-2009-3131
9.3	CVE-2009-3130
9.3	CVE-2009-3128
9.3	CVE-2009-3127
9.3	CVE-2009-2514
9.3	CVE-2009-2512
7.8	CVE-2009-3129
7.8	CVE-2009-1928
7.2	CVE-2009-2513
7.2	CVE-2009-1127
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 15 more Alert(s)