Microsoft Excel Credential Caching Vulnerability

Bugtraq ID:	30641
Class:	Unknown
CVE:	CVE-2008-3003
Remote:	Yes
Local:	No
Published:	Aug 12 2008 12:00AM
Updated:	Aug 25 2008 09:45PM
Credit:	Jeremy Funk
Vulnerable:	Microsoft Office 2008 for Mac 0 Microsoft Excel 2007 SP1 Microsoft Excel 2007 0 Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server MM 1.1 Avaya Messaging Application Server 0
Not Vulnerable:

Microsoft Excel Credential Caching Vulnerability

Microsoft Excel is prone to a vulnerability that allows unauthorized access to remote data source credentials that have been cached in Excel files.

This issue is limited to Microsoft Excel 2007 and Microsoft Office 2008 for Mac.

Microsoft Excel Credential Caching Vulnerability

An attacker must have access to a vulnerable Excel file to exploit this issue.

Microsoft Excel Credential Caching Vulnerability

Solution:
Microsoft has released a security bulletin that addresses this vulnerability.


Microsoft Office 2008 for Mac 0

• Microsoft Microsoft Office 2008 for Mac 12.1.2 Update
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9515C70D-BE80 -4ADE-856A-EA542F7D84E1

Microsoft Excel 2007 SP1

• Microsoft Security Update for Microsoft Office Excel 2007 (KB951546)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2753e8d6-e156 -49ef-af2d-4c521c808ffd

Microsoft Excel 2007 0

• Microsoft Security Update for Microsoft Office Excel 2007 (KB951546)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2753e8d6-e156 -49ef-af2d-4c521c808ffd

Microsoft Excel Credential Caching Vulnerability

References:

• MS08-043 : How to prevent this information disclosure vulnerability (Microsoft)
  
• ASA-2008-337 MS08-043 Vulnerabilities in Microsoft Excel Could Allow Remote Code (Avaya Inc. )
  
• Microsoft Security Bulletin MS08-043 (Microsoft)