(MS08-043) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
Vulnerability Identifier: CVE-2008-3004; CVE-2008-3005; CVE-2008-3006; CVE-2008-3003
Discovery Date: Aug 12, 2008
Risk: Critical
Affected Software:
  • 2007 Microsoft Office System
  • 2007 Microsoft Office System Service Pack 1
  • Microsoft Excel Viewer 2003
  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office 2003 Service Pack 2
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
  • Microsoft Office Excel Viewer
  • Microsoft Office Excel Viewer 2003 Service Pack 3
  • Microsoft Office SharePoint Server 2007
  • Microsoft Office SharePoint Server 2007 Service Pack 1
  • Microsoft Office SharePoint Server 2007 x64 Edition
  • Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1
  • Microsoft Office XP Service Pack 3
Description:

This security update resolves vulnerabilities in Microsoft Office Excel that could allow an attacker to take complete control of an affected system through a specially crafted Excel file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer administrative privileges could be less impacted than users who operate with full administrative user rights.


Patch Information:

Patches for this vulnerability can be downloaded from this Microsoft Web page.


Workaround Fixes:

Microsoft recommends using the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources. MOICE will protect Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.

Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

Do not open or save Microsoft Office files received from untrusted sources or received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.

For systems running Excel 2007, edit the connections.xml file inside the .XLSX file and manually remove the password. It is also recommended to use Excel 2007 to encrypt files that contain data connections. From within Excel 2007, users may also save the file in the Excel 97-2003 file format to be better protected from this vulnerability.
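The connections.xml workaround above can be scripted for workbooks that have to be cleaned in bulk. The following is an added example, not code from Microsoft or Trend Micro. It assumes the password is stored as a `Password=` or `PWD=` entry in the `connection` attribute of connections.xml; the function names and the sample workbook are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# SpreadsheetML namespace used by connections.xml in Excel 2007 workbooks.
NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
ET.register_namespace("", NS)

# Assumption: the password is a "Password=" or "PWD=" entry in the connection string.
SECRET = re.compile(r"(?:^|(?<=;))\s*(?:password|pwd)\s*=[^;]*;?", re.IGNORECASE)


def strip_connection_passwords(xlsx_bytes):
    """Return (cleaned_workbook_bytes, entries_removed)."""
    out, removed = io.BytesIO(), 0
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename.lower().endswith("connections.xml"):
                root = ET.fromstring(data)
                for el in root.iter():
                    value = el.get("connection")  # connection string on <dbPr>
                    if value is not None:
                        cleaned, n = SECRET.subn("", value)
                        el.set("connection", cleaned)
                        removed += n
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item, data)  # every other part is copied unchanged
    return out.getvalue(), removed


def build_sample():
    """Constructed stand-in for a workbook: only the part inspected here."""
    xml = ('<connections xmlns="%s"><connection id="1" name="Sales" type="1">'
           '<dbPr connection="Provider=SQLOLEDB;User ID=report;'
           'Password=Constructed-Pw1;Initial Catalog=Sales" command="SELECT 1"/>'
           '</connection></connections>' % NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/connections.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    cleaned, count = strip_connection_passwords(build_sample())
    with zipfile.ZipFile(io.BytesIO(cleaned)) as z:
        print(count, z.read("xl/connections.xml").decode("utf-8"))
```

A non-zero count from `strip_connection_passwords` means the workbook carried a stored password; treat that credential as exposed to anyone who received the original file and rotate it.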

More details regarding these workarounds may be found on this Microsoft Web page.

 