[Microsoft Alert] Microsoft Security Bulletin MS06-012

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)

Issued: March 14, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Office

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

Vulnerability Details:

A remote code execution vulnerability exists in Excel using a malformed range. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.

 

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

 

Affected Software:

Microsoft Office 2000 Service Pack 3

Microsoft Office XP Service Pack 3

Microsoft Office 2003 Service Pack 1 or Service Pack 2

Microsoft Works Suites

 

 

Non - Affected Software:

Microsoft Office Excel 2000 Viewer

Microsoft Office Excel 2002 Viewer

Microsoft Word 2003

Microsoft Outlook 2003

Microsoft PowerPoint 2003

 

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)

---