BID:53342

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability

Info

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability

Bugtraq ID:	53342
Class:	Unknown
CVE:	CVE-2012-0141
Remote:	Yes
Local:	No
Published:	May 08 2012 12:00AM
Updated:	Apr 19 2013 02:40AM
Credit:	Omair
Vulnerable:	Microsoft Office Compatibility Pack SP3 Microsoft Office Compatibility Pack SP2 Microsoft Office 2010 (64-bit edition) SP1 Microsoft Office 2010 (64-bit edition) 0 Microsoft Office 2010 (32-bit edition) 0 Microsoft Office 2010 (32-bit edition) SP1 Microsoft Office 2007 SP3 Microsoft Office 2007 SP2 Microsoft Office 2007 SP1 Microsoft Office 2007 0 + Microsoft Access 2007 0 + Microsoft Access 2007 0 + Microsoft Excel 2003 + Microsoft Excel 2007 0 + Microsoft Excel 2007 0 + Microsoft FrontPage 2003 + Microsoft Groove 2007 0 + Microsoft Groove 2007 0 + Microsoft InfoPath 2003 + Microsoft InfoPath 2007 0 + Microsoft InfoPath 2007 0 + Microsoft Office Communicator 2007 0 + Microsoft Office Communicator 2007 0 + Microsoft OneNote 2003 0 + Microsoft Outlook 2003 0 + Microsoft Outlook 2007 0 + Microsoft Outlook 2007 0 + Microsoft PowerPoint 2003 0 + Microsoft PowerPoint 2007 0 + Microsoft PowerPoint 2007 0 + Microsoft Project Professional 2007 0 + Microsoft Project Professional 2007 0 + Microsoft Project Standard 2007 0 + Microsoft Project Standard 2007 0 + Microsoft Publisher 2003 + Microsoft Publisher 2007 0 + Microsoft Publisher 2007 0 + Microsoft SharePoint Designer 2007 0 + Microsoft SharePoint Designer 2007 0 + Microsoft Visio Professional 2007 0 + Microsoft Visio Professional 2007 0 + Microsoft Visio Standard 2007 0 + Microsoft Visio Standard 2007 0 Microsoft Excel Viewer 0 Microsoft Excel 2011 for Mac 0 Microsoft Excel 2010 SP1 Microsoft Excel 2010 0 Microsoft Excel 2008 for Mac 0 Microsoft Excel 2007 SP3 Microsoft Excel 2007 SP2 Microsoft Excel 2007 SP1 Microsoft Excel 2007 0 Microsoft Excel 2003 SP3 Microsoft Excel 2003 SP2 Microsoft Excel 2003 SP1 + Microsoft Office 2003 SP1

Not Vulnerable:

Discussion

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability

Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error.

Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

Exploit / POC

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the references for details.

Microsoft Office 2007 SP3

Microsoft Security Update for Microsoft Office 2007 suites (KB2597969)
http://www.microsoft.com/downloads/details.aspx?familyid=6ff6650c-eaf4 -4c7d-986c-c4d9e5324dac

Microsoft Office 2007 SP2

Microsoft Security Update for Microsoft Office 2007 suites (KB2597969)
http://www.microsoft.com/downloads/details.aspx?familyid=6ff6650c-eaf4 -4c7d-986c-c4d9e5324dac

Microsoft Excel 2003 SP3

Microsoft Security Update for Microsoft Office Excel 2003 (KB2597086)
http://www.microsoft.com/downloads/details.aspx?familyid=162901b1-4c1d -476f-99e9-218780897f92

Microsoft Excel Viewer 0

Microsoft Security Update for Microsoft Office Excel Viewer 2007 (KB2596842)
http://www.microsoft.com/downloads/details.aspx?familyid=9dedfb18-a651 -49f7-b1fc-78f7b6cb234a

Microsoft Excel 2010 0

Microsoft Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=f537f6d0-be63 -42af-8b39-fa6f38715f84

Microsoft Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=123b96d9-de3f -4aab-bcf8-bf9089fef400

Microsoft Office 2010 (64-bit edition) SP1

Microsoft Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=ec4371f6-644d -430d-880f-12425f1b36d4

Microsoft Office 2010 (64-bit edition) 0

Microsoft Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=ec4371f6-644d -430d-880f-12425f1b36d4

Microsoft Office Compatibility Pack SP3

Microsoft Security Update for Microsoft Office 2007 suites (KB2597162)
http://www.microsoft.com/downloads/details.aspx?familyid=a8386ad9-635f -45a7-b33e-ac9a3ca55f82

Microsoft Office 2010 (32-bit edition) 0

Microsoft Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=2e1060fa-c43d -42df-be5f-f536d9b39ba4

Microsoft Office Compatibility Pack SP2

Microsoft Security Update for Microsoft Office 2007 suites (KB2597162)
http://www.microsoft.com/downloads/details.aspx?familyid=a8386ad9-635f -45a7-b33e-ac9a3ca55f82

Microsoft Excel 2007 SP3

Microsoft Security Update for Microsoft Office Excel 2007 (KB2597161)
http://www.microsoft.com/downloads/details.aspx?familyid=22b9b3a6-ad09 -4397-892c-2190a86baf3e

Microsoft Office 2010 (32-bit edition) SP1

Microsoft Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=2e1060fa-c43d -42df-be5f-f536d9b39ba4

Microsoft Excel 2007 SP2

Microsoft Security Update for Microsoft Office Excel 2007 (KB2597161)
http://www.microsoft.com/downloads/details.aspx?familyid=22b9b3a6-ad09 -4397-892c-2190a86baf3e

Microsoft Excel 2010 SP1

Microsoft Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=f537f6d0-be63 -42af-8b39-fa6f38715f84

Microsoft Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?familyid=123b96d9-de3f -4aab-bcf8-bf9089fef400

References

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability

References:

Microsoft Excel Homepage (Microsoft )
Microsoft Security Bulletin MS12-030 (Microsoft)