Microsoft Excel Unspecified Remote Code Execution Vulnerability
Schweregrad: : Crítico
Identificador(es) CVE: : CVE-2009-0238,MS09-009
Data do informe: 01 julho 2011
Descrição
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
Exposição das informações
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1003309
Trend Micro Deep Security DPI Rule Name: 1003309 - Microsoft Excel Unspecified Remote Code Execution Vulnerability
Software infectado e versão:
- microsoft excel 2004
- microsoft excel_viewer
- microsoft office 2008
- microsoft office_compatibility_pack 2007
- microsoft office_excel 2000
- microsoft office_excel 2002
- microsoft office_excel 2003
- microsoft office_excel 2007
- microsoft office_excel_viewer 2003