VCP
  |
  SOFTWARE
  |
  PRESENTATIONS
  |
  CURRENT INTELLIGENCE
  |
  SERVICES
  |
  METHODOLOGY
  |
  NEWS & EVENTS
  |
  ABOUT
 
MICROSOFT SECURITY BULLETIN: MARCH 2008
MICROSOFT SECURITY BULLETIN: MARCH 2008
MICROSOFT SECURITY BULLETIN: MARCH 2008
 Home // News  //  Microsoft // Microsoft Security Bulletin: March 2008
Email This Page URL  Print This Page

Microsoft Corp. has released four security bulletins encompassing 12 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx

CVE Number: CVE-2008-0081
iDefense Title: Microsoft Excel Macro Validation Remote Code Execution Vulnerability
iDefense Master ID: 467185
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Excel spreadsheet application macro validation allows attackers to execute arbitrary code in the context of the user who started Excel.

CVE Number: CVE-2008-0111
iDefense Title: Microsoft Excel DVAL Heap Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 460062
iDefense Severity: MEDIUM

Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Excel spreadsheet application format allows attackers to execute arbitrary code in the context of the user who started Excel.

CVE Number: CVE-2008-0112
iDefense Title: Microsoft Office Excel File Import Memory Corruption Vulnerability
iDefense Master ID: 467859
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Office Excel could allow attackers to execute arbitrary remote code in the context of the targeted user.

CVE Number: CVE-2008-0114
iDefense Title: Microsoft Excel Style Record Data Memory Corruption Remote Code Execution Vulnerability
iDefense Master ID: 467862
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Office Excel could allow attackers to execute arbitrary remote code in the context of the targeted user.

CVE Number: CVE-2008-0115
iDefense Title: Microsoft Office Excel 2003 Malformed Formula Memory Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 462624
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel 2003 could allow attackers to execute arbitrary code in the context of the currently logged-on user.

CVE Number: CVE-2008-0116
iDefense Title: Microsoft Office Excel Rich Text Memory Corruption Vulnerability
iDefense Master ID: 467854
iDefense Severity: MEDIUM

Remote exploitation of memory corruption vulnerability in multiple versions of Microsoft Corp.'s Office Excel could allow attackers to execute arbitrary code on the targeted host.

CVE Number: CVE-2008-0117
iDefense Title: Microsoft Office Excel Conditional Formatting Memory Corruption Vulnerability
iDefense Master ID: 467861
iDefense Severity: MEDIUM

Remote exploitation of memory corruption vulnerability in multiple versions of Microsoft Corp.'s Office Excel could allow attackers to execute arbitrary code on the targeted host.
 

Security Bulletin MS08-015: Vulnerability in Microsoft Outlook Could Allow Remote Execution (949031)
http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx

CVE Number: CVE-2008-0110
iDefense Title: Microsoft Outlook "mailto" Command Line Switch Injection (iDefense Exclusive)
iDefense Master ID: 461839
iDefense Severity: HIGH
iDefense Initial Disclosure Date: July 3, 2007

Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow attackers to execute arbitrary code.
 

Security Bulletin MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx

CVE Number: CVE-2008-0113
iDefense Title: Microsoft Excel Cell Parsing Memory Corruption Vulnerability
iDefense Master ID: 467860
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-0118
iDefense Title: Microsoft Excel Malformed File Memory Corruption Vulnerability
iDefense Master ID: 467863
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code.
 

Security Bulletin MS08-017: Vulnerability in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx

CVE Number: CVE-2006-4695
iDefense Title: Microsoft Office Web Components 2000 URL Parsing Arbitrary Code Execution Vulnerability
iDefense Master ID: 467855
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Office Web Components 2000 could allow an attacker to execute arbitrary code with the privileges of the logged-on user.

CVE Number: CVE-2008-1201
iDefense Title: Microsoft Office Web Components DataSource Code Execution Vulnerability
iDefense Master ID: 467856
iDefense Severity: HIGH

Remote exploitation of a code execution vulnerability in Microsoft Corp.'s Office Web Components could allow an attacker to execute arbitrary code in the security context of the user.