Severity: High
14 August, 2007
Summary:
Today, Microsoft released a security bulletin describing a vulnerability affecting Excel for Windows and Mac. If an attacker can entice one of your users into opening a maliciously-crafted Excel document, he can execute code on your user’s machine, possibly gaining complete control of it. If your company uses vulnerable versions of Microsoft Office or Excel, you should download, test and deploy Microsoft’s patches as soon as possible.
Exposure:
Microsoft’s security bulletin describes a new flaw affecting Microsoft Excel 2000, XP, and 2003 for Windows; and Excel 2004 for Mac. Excel doesn’t properly validate a particular index value in an Excel Workspace. Opening a specially crafted Excel worksheet could trigger this flaw and cause memory corruption vulnerability.
By enticing one of your users into opening a such a maliciously crafted Excel document, an attacker could exploit this flaw to execute code on your user’s system, with your user’s privileges. If your user has local administrative privileges, an attacker would gain complete control of his or her computer. To get your user to open the booby-trapped Excel file, the attacker might host it on a web site or send it via e-mail.
Severity: High
14 August, 2007
Summary:
Today, Microsoft released a security bulletin describing a vulnerability affecting Excel for Windows and Mac. If an attacker can entice one of your users into opening a maliciously-crafted Excel document, he can execute code on your user’s machine, possibly gaining complete control of it. If your company uses vulnerable versions of Microsoft Office or Excel, you should download, test and deploy Microsoft’s patches as soon as possible.
Exposure:
Microsoft’s security bulletin describes a new flaw affecting Microsoft Excel 2000, XP, and 2003 for Windows; and Excel 2004 for Mac. Excel doesn’t properly validate a particular index value in an Excel Workspace. Opening a specially crafted Excel worksheet could trigger this flaw and cause memory corruption vulnerability.
By enticing one of your users into opening a such a maliciously crafted Excel document, an attacker could exploit this flaw to execute code on your user’s system, with your user’s privileges. If your user has local administrative privileges, an attacker would gain complete control of his or her computer. To get your user to open the booby-trapped Excel file, the attacker might host it on a web site or send it via e-mail.
Solution Path
Microsoft has released patches correcting this Excel vulnerability. You should download, test, and deploy the appropriate patches as soon as possible.
- Windows
- Excel 2003 for Office 2003
- Excel XP for Office 2002
- Excel 2000 for Office 2000
- Mac
- Excel 2004 for Office 2004 for Mac
This vulnerability does not affect 2007 Office System
For All WatchGuard Users:
While you can configure some of WatchGuard’s Firebox models to block Excel (.XLS) documents, most organizations need to allow these file types in order to conduct business. Blocking them could bring your business to a halt. Therefore, the patches are your best recourse.
However, if you still want to block .XLS files, follow the links below for instructions:
- Firebox X Edge running 8.5
- Firebox III and X Core running WFS
- Firebox X Core and X Peak running Fireware Pro
- Vclass
- SMTP Proxy. You’ll have to create or adjust a custom proxy action based on SMTP-Incoming in order to strip .XLS files. If you have created your own Proxy Action based on SMTP-Incoming, you can edit it so that it blocks these files. In the Vcontroller software, click the Proxies button and double-click your custom proxy action. Under the Content Checking tab, change “Category” to Attachment Filename and click either the Add to Top or Insert After button (only one or the other will display). Next, type “XLS_files” as the new rule’s name, and choose Pattern Match. Next to Pattern Match, type “*.XLS” and select Strip as the Action. Now you can apply this new Proxy Action to your SMTP rule to ensure your Firebox blocks .XLS files.
- HTTP Proxy. You’ll have to create or adjust a custom proxy action based on HTTP-Outgoing in order to strip .XLS files. If you have created your own Proxy Action based on HTTP-Outgoing, you can edit it so that it blocks these files. In the Vcontroller software, click the Proxies button and double-click your custom proxy action. Under the Request General tab, change “Category” to URL Paths and click on Add. Next, type “XLS_files” as the new rule’s name, and choose Pattern Match. Next to Pattern Match, type “*.XLS” and select Strip as the Action. Now you can apply this new Proxy Action to your HTTP rule to ensure your Firebox blocks .XLS files.
Status:
Microsoft has released patches correcting these issues.
References:
- Microsoft Security Bulletin MS07-044