[security-alerts] FW: [SA24008] Microsoft Office Unspecified String Handling Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> Microsoft Office Unspecified String Handling Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA24008
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24008/
> 
> CRITICAL:
> Extremely critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Office XP
> http://secunia.com/product/23/
> Microsoft Office 2004 for Mac
> http://secunia.com/product/8713/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft Excel 2003
> http://secunia.com/product/4970/
> Microsoft Excel 2002
> http://secunia.com/product/4043/
> Microsoft Excel 2000
> http://secunia.com/product/3054/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Office, which can be
> exploited by malicious people to compromise a user's system.
> 
> The vulnerability is caused due to an unspecified error when handling
> strings and can be exploited to cause a memory corruption.
> 
> Successful exploitation allows execution of arbitary code.
> 
> NOTE: According to Microsoft, the vulnerability is currently being
> actively exploited via Excel, but other Office applications may also
> be affected.
> 
> SOLUTION:
> Do not open untrusted Office documents.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Discovered as a 0-day.
> 
> ORIGINAL ADVISORY:
> Microsoft:
> http://www.microsoft.com/technet/security/advisory/932553.mspx
>