McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business Home McAfee Labs Threat Intelligence

(MS10-038) Microsoft Office Excel RTD Memory Corruption Vulnerability (2027452)

Threat Detail

Vulnerability Type: Logic error

Impact of Exploitation: Maliciously Crafted File

CVE Reference: N/A

Next Steps:

Overview

A vulnerability exists in Microsoft Office Excel that could result in remote code execution.

A vulnerability exists in Microsoft Office Excel that could result in remote code execution. The vulnerability is in the way that Excel handles specially crafted Excel files. Successful exploitation of this vulnerability could allow an attacker to take complete control of an affected system.

Attack Vector

Maliciously Crafted File

User Interaction

no user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Windows   XP SP3,

Timeline

2010-06-08

Vendor has provided a patch.

2010-09-10

A proof of concept has been released.

Recommendations

The vendor has released an update to address this issue
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx

Recommendations McAfee Product Mitigation

Policy Auditor SCAP

MS10-038 - Security Update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 (KB2027452, KB982331)

  • Release Date

Policy Auditor SCAP

MS10-038 - Security Update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 (KB2027452, KB982331)

  • Release Date

Policy Auditor SCAP

MS10-038 - Security Update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 (KB2027452, KB982331)

  • Release Date

Policy Auditor SCAP

MS10-038 - Security Update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 (KB2027452, KB982331)

  • Release Date

Policy Auditor SCAP

MS10-038 - Security Update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 (KB2027452, KB982331)

  • Release Date

Policy Auditor SCAP

MS10-038 - Security Update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 (KB2027452, KB982331)

  • Release Date

Additional Resources

(MS10-038) Microsoft Office Excel RTD Memory Corruption Vulnerability (2027452)
http://www.microsoft.com/technet/security/bulletin/MS10-038.mspx

United States - English