Excel Flaws

By Lisa Vaas  |  Posted 2007-07-10 Print this article Print

The third critical vulnerability in .Net lies within the frameworks JIT (Just In Time) Compiler (CVE-2007-0043). This too is a remote code execution flaw wherein a successful attacker can take over a target system and then install programs; view, change or delete data; or create new accounts with full user rights. Again, users running with reduced rights could be less impacted than those running as administrators. The mitigating factors for the JIT bug are the same as those for the PE Loader flaw. Microsoft has extensive workaround instructions—check the MS07-040 bulletin site to get them.
For its part, Excels suffering from three critical vulnerabilities addressed in a second security bulletin. All three are remotely exploitable and can set vulnerable systems up for getting walloped by a Trojan horse, said McAfees Marcus.
"Vulnerabilities in Office applications have been a favorite attack method among cybercrooks," he said in a statement. "Trojan horse attacks often use rigged Office files that exploit vulnerabilities in the productivity applications." One of Excels flaws is a remotely exploitable calculation error vulnerability (CVE-2007-1756) that could let attackers send a malformed Excel file as an e-mail attachment or host a maliciously crafted Excel file on a compromised or malicious site. The second and third Excel vulnerabilities, also remotely exploitable, are both Worksheet Memory Corruption flaws (CVE-2007-3029 and CVE-2007-3030). These flaws also entail malicious files being hosted on Web sites or sent via e-mail attachments. For mitigating factors and workarounds, see Microsofts Security Bulletin MS07-036. To read to read why Microsoft chose not to issue a patch to fix an Internet Information Server 5.0 vulnerability, click here. Microsofts final critical security bulletin, MS07-039, covers a vulnerability in Windows Active Directory that could lead to system hijacking. Active Directory, a Microsoft implementation of LDAP directory services, is used primarily in Windows environments. Its main purpose is central authentication and authorization services for Windows-based computers. Administrators also use it to assign policies, deploy software, and apply critical updates to entire organizations. Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can range in size from a few hundred objects on up to millions of objects. "Active Directory is widely used as a directory service by businesses," McAfees Marcus said. "One of the vulnerabilities addressed today could expose Windows 2000 users to worm-type attacks since it could be exploited over the Internet by an anonymous attacker." Microsoft says that DoS (denial of service) is the likeliest outcome of this vulnerability, but remote code execution is still possible. The possibility of system takeover is threatened by a flaw in the way that Active Directory validates an LDAP request. An attacker who successfully exploited the bug could take complete control of an affected system. The DoS vulnerability in Active Directory is caused by the way AD validates a client-sent LDAP request. An attacker could exploit the vulnerability by sending a specially crafted LDAP request to a server running Active Directory. For mitigating factors and workarounds, check MS07-039. In addition to its three critical security bulletins, Microsoft also put out two important security bulletins. One of those important bulletins, MS07-037, concerns a vulnerability in Microsoft Office Publisher that could allow for system takeover. A successful exploit would involve a user viewing a specially crafted Office Publisher file. The second important security bulletin, MS07-041, involves a vulnerability in IIS (Internet Information Services) 5.1 on Windows XP Professional SP2 that could allow for system takeover. An attacker would need to send maliciously crafted URL requests to a Web page hosted by IIS. Finally, Microsoft put out a patch for a flaw it labeled moderate in Windows Vista Firewall. The flaw, which could allow incoming unsolicited network traffic to access a network interface, could give an attacker information about the affected host. For instructions on getting the updates and versions affected, check the July 2007 bulletin summary page. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel