![]() For the mobile apps, visit the store for your device. To continue viewing Office files for free, we recommend installing the Office apps or storing documents in OneDrive or Dropbox, where Word Online, Excel Online or PowerPoint Online opens them in your browser. These Viewers will no longer be available for download or receive security updates. ![]() The Microsoft Office vulnerabilities affect Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3 and Microsoft Office 2004 for Mac, according to the bulletin.The Word Viewer, PowerPoint Viewer and Excel Viewer have been retired. The security bulletins also included patches on vulnerabilities affecting Microsoft Outlook that could be exploited by passing a specially crafted mailto URI, as well as a cell parsing memory corruption vulnerability and a vulnerability in the way MS Office processes malformed Office files. “We’ve observed attackers continuing to target Web plug-ins in their quest to quickly and quietly install malicious code onto users’ computers.” “All of these security bulletins are serious, but the Microsoft Office Web Components one stands out because these ActiveX components are widely distributed and relatively easy to exploit,” Greenbaum said in a statement. When viewed by the user, the vulnerability could allow for remote code execution.īen Greenbaum, a senior research manager at Symantec Security Response, counted the threat posed by the Microsoft Office Web Components vulnerabilities as the most significant issue addressed by the patches. In both cases, an attacker could exploit the vulnerability by constructing a specially crafted Web page. Vulnerabilities exist in the way Microsoft Office Web Components manages memory resources when parsing specially crafted URLs and manages memory resources, according to the bulletin. ![]() In addition to the Excel issues, the company also addressed vulnerabilities affecting Microsoft Office Web Components. Microsoft warned users in January that hackers were launching limited, targeted attacks exploiting a zero-day bug in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac. A successful exploit would allow the attacker to take complete control of an affected system, company officials wrote in the bulletin. The vulnerabilities lie in how Excel handles data validation records, file imports, style record data, malformed formulas and conditional formatting values, as well as how it handles rich text validation records when loading application data into memory and macros when opening specially-crafted Excel files. The company issued four security bulletins this month, each covering vulnerabilities that can be exploited remotely and are rated “critical”-Microsoft’s highest threat rating.Īccording to Microsoft, there are a total of seven Excel vulnerabilities, all of which could be exploited if a user opens a specially crafted file. Microsoft has plugged a number of security holes on this month’s Patch Tuesday, including much-anticipated fixes for a slew of vulnerabilities affecting Microsoft Office Excel. We may make money when you click on links to our partners. EWEEK content and product recommendations are editorially independent. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |