Sean Larsson

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 Office 2008 and 2011 for Mac Office Compatibility Pack versions SP2 and SP3 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, allowing attackers to execute arbitrary code via a crafted spreadsheet. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Excel 2007 SP2 and SP3, and 2010 SP1, apply the necessary patch to resolve the issue. For Office 2008 and 2011 for Mac, update to a version that includes the fix for this issue. For Office Compatibility Pack SP2 and SP3, apply the necessary patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 Office 2008 and 2011 for Mac Excel Viewer Office Compatibility Pack versions SP2 and SP3 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files. This allows an attacker to execute arbitrary code via a crafted spreadsheet. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1, update to a newer version to mitigate the risk. For Office 2008 and 2011 for Mac, update to a newer version to mitigate the risk. For Excel Viewer, update to a newer version to mitigate the risk. For Office Compatibility Pack versions SP2 and SP3, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2007 SP2 through 2007 SP3 Microsoft Excel 2010 Gold and 2010 SP1 Microsoft Excel Viewer (affected versions not specified) Microsoft Office Compatibility Pack versions SP2 through SP3 **Description** A remote code execution issue exists in the way Microsoft Excel handles specially crafted Excel files, allowing attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel 2007 SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Excel 2010 Gold and 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Excel Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Office Compatibility Pack SP2 and SP3, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel 2007 versions SP1 through SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2 **Description** A remote code execution issue exists in the way Microsoft Office Excel handles specially crafted Excel files, potentially allowing attackers to execute arbitrary code via a crafted spreadsheet. This can occur when a MDXSET record is broken up into several records. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office Excel 2007 versions SP1 and SP2, update to a version that is not affected by this issue. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 and SP2, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted Excel files that could trigger the MDXSET record heap overflow until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel 2007 versions SP1 through SP2 Office 2004 for Mac **Description** A remote code execution issue exists due to improper parsing of the Excel file format, allowing attackers to execute arbitrary code via a crafted spreadsheet. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office Excel 2007 versions SP1 through SP2, update to a version that properly handles the Excel file format to prevent exploitation. For Office 2004 for Mac, update to a version that properly handles the Excel file format to prevent exploitation. As a temporary workaround, consider avoiding the use of specially crafted Excel files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel versions 2002 SP3, 2003 SP3, 2007 SP1 and SP2 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Office Excel Viewer versions SP1 and SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 and SP2 **Description** A remote code execution issue exists due to improper parsing of the Excel file format, allowing attackers to execute arbitrary code via a crafted spreadsheet. This could lead to an attacker taking complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office Excel 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel 2007 SP1 and SP2, update to a newer version to mitigate the risk. For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Office Excel Viewer SP1 and SP2, update to a newer version to mitigate the risk. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint versions 2002 SP3 through 2003 SP3 **Description** A use-after-free issue in Microsoft Office PowerPoint allows remote attackers to execute arbitrary code via a crafted PowerPoint document. This is a remote code execution vulnerability that exists in the way Microsoft Office PowerPoint handles specially crafted PowerPoint files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office PowerPoint versions 2002 SP3 and 2003 SP3, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Word versions 2002 SP3 through 2003 SP3 Microsoft Works version 8.5 Office Converter Pack (affected versions not specified) WordPad in Windows versions 2000 SP4 through Server 2003 SP2 **Description** The issue allows remote attackers to execute arbitrary code via a specially crafted Word file, which triggers a heap-based buffer overflow due to an integer overflow in the text converters. This occurs when a user opens a malicious file, such as a DOC file with an invalid number of property names in the DocumentSummaryInformation stream. **Recommendations** For Microsoft Office Word versions 2002 SP3 through 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Works version 8.5, consider disabling the use of text converters until a patch is available. For Office Converter Pack, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For WordPad in Windows versions 2000 SP4 through Server 2003 SP2, restrict access to opening specially crafted Word 97 files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel versions 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Office Excel Viewer versions 2003 SP3, SP1, and SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 and SP2 **Description** The issue is related to the handling of a FEATHEADER record in Excel files, specifically when the record contains an invalid cbHdrData size element. This can lead to memory corruption and allow remote attackers to execute arbitrary code. An attacker who successfully exploits this issue could gain complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office Excel versions 2002 SP3, 2003 SP3, and 2007 SP1 and SP2, update to a newer version that includes the fix for this issue. For Office 2004 and 2008 for Mac, update to a newer version that includes the fix for this issue. For Open XML File Format Converter for Mac, update to a newer version that includes the fix for this issue. For Office Excel Viewer versions 2003 SP3, SP1, and SP2, update to a newer version that includes the fix for this issue. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 and SP2, update to a newer version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of spreadsheets with FEATHEADER records until a patch is available.

Name of the Vulnerable Software and Affected Versions: Microsoft Office XP SP3 Microsoft Office 2000 Web Components SP3 Microsoft Office XP Web Components SP3 Microsoft BizTalk Server 2002 Microsoft Visual Studio .NET 2003 SP1 Description: The issue is related to a buffer overflow in the Office Web Components ActiveX Control, which allows remote attackers to execute arbitrary code via crafted property values. Recommendations: For Microsoft Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Office 2000 Web Components SP3, update to a version that includes the fix for this issue. For Microsoft Office XP Web Components SP3, update to a version that includes the fix for this issue. For Microsoft BizTalk Server 2002, update to a version that includes the fix for this issue. For Microsoft Visual Studio .NET 2003 SP1, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office 2000 SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP3 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Open XML File Format Converter for Mac Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 Microsoft Office SharePoint Server 2007 SP1 Microsoft Office SharePoint Server 2007 SP2 **Description** The issue allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record containing a numeric field that specifies an invalid number of unique strings, triggering a heap-based buffer overflow. This could enable an attacker to take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office 2000 SP3, update to a newer version to mitigate the risk. For Microsoft Office XP SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2004 for Mac, update to a newer version to mitigate the risk. For Microsoft Office 2008 for Mac, update to a newer version to mitigate the risk. For 2007 Microsoft Office System SP1, update to a newer version to mitigate the risk. For 2007 Microsoft Office System SP2, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Office Excel Viewer, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a newer version to mitigate the risk. For Microsoft Office SharePoint Server 2007 SP1, update to a newer version to mitigate the risk. For Microsoft Office SharePoint Server 2007 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of Excel files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint versions 2002 SP3 through 2003 SP3 Microsoft Office 2004 for Mac **Description** A heap-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file. This occurs when PowerPoint reads more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer. The vulnerability can be exploited by creating a specially crafted PowerPoint file that could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site. **Recommendations** For Microsoft Office PowerPoint versions 2002 SP3 and 2003 SP3, update to a version that is not affected by this issue. For Microsoft Office 2004 for Mac, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of Notes containers in PowerPoint files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint versions 2002 SP3 through 2003 SP3 **Description** The issue is related to an integer overflow that allows remote attackers to execute arbitrary code via a crafted PowerPoint file. This file can contain a record type for collaboration information for different slides with a field specifying a large number of records, triggering an under-allocated buffer and a heap-based buffer overflow. A remote code execution vulnerability exists in the way Microsoft Office PowerPoint handles specially crafted PowerPoint files, which could be exploited by an attacker creating such a file to be included as an email attachment or hosted on a specially crafted or compromised website. **Recommendations** For Microsoft Office PowerPoint versions 2002 SP3 and 2003 SP3, update to a version that includes a fix for the integer overflow issue to prevent exploitation. As a temporary workaround, consider avoiding the use of collaboration information for different slides in PowerPoint files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint versions 2000 SP3 through 2007 SP2 PowerPoint Viewer versions 2003 through 2007 SP2 Microsoft Office 2004 for Mac and 2008 for Mac Open XML File Format Converter for Mac Microsoft Works versions 8.5 through 9.0 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2 **Description** A remote code execution issue exists due to improper validation of PowerPoint files, allowing attackers to execute arbitrary code via crafted BuildList records that include ChartBuild containers, which triggers memory corruption. This can be exploited by creating a specially crafted PowerPoint file that could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site. **Recommendations** For Microsoft Office PowerPoint versions 2000 SP3 through 2007 SP2, update to a version that properly validates PowerPoint files. For PowerPoint Viewer versions 2003 through 2007 SP2, update to a version that properly validates PowerPoint files. For Microsoft Office 2004 for Mac and 2008 for Mac, update to a version that properly validates PowerPoint files. For Open XML File Format Converter for Mac, update to a version that properly validates PowerPoint files. For Microsoft Works versions 8.5 through 9.0, update to a version that properly validates PowerPoint files. For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2, update to a version that properly validates PowerPoint files.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version, including Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2 **Description** The issue is related to a stack-based buffer overflow in the Word 97 text converter in WordPad, allowing remote attackers to execute arbitrary code via a crafted Word 97 file. This occurs due to the use of inconsistent integer data sizes for an unspecified length field, leading to memory corruption. A remote code execution vulnerability exists in WordPad when a user opens a specially crafted Word file, resulting in memory corruption. **Recommendations** For Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of WordPad to open Word 97 files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader and Acrobat Professional versions 7.1.0 through 9.0.0 **Description** The issue is related to a heap-based buffer overflow that can be triggered by a PDF file containing a JBIG2 stream with a size inconsistency. This inconsistency is related to an unspecified table, allowing remote attackers to execute arbitrary code. **Recommendations** For Adobe Acrobat Reader and Acrobat Professional versions 7.1.0 through 9.0.0, update to a version that contains a fix for this issue to prevent arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** OpenOffice.org versions 2.0 through 2.4 **Description** The issue is related to an integer overflow in the `rtl allocateMemory` function, which can lead to a heap-based buffer overflow. This can be triggered by a crafted file, potentially allowing remote attackers to execute arbitrary code. **Recommendations** For OpenOffice.org versions 2.0 through 2.4, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: GIMP versions prior to 2.2.16 Description: The issue is related to multiple integer overflows in the image loader plug-ins, which can be exploited by user-assisted remote attackers to execute arbitrary code. This can be achieved through crafted length values in various file types, including DICOM, PNM, PSD, PSP, Sun RAS, XBM, and XWD files. Recommendations: For versions prior to 2.2.16, update to version 2.2.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cyrus IMAPd versions prior to 2.2.11 **Description** The issue is related to multiple buffer overflows that may allow attackers to execute arbitrary code. The overflows occur due to off-by-one errors in the imapd annotate extension and "cached header handling," as well as stack-based buffer overflows in fetchnews and imapd. **Recommendations** For versions prior to 2.2.11, update to version 2.2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the annotate extension and fetchnews until a patch is available. Avoid using the vulnerable functions in imapd until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** openSUSE versions (affected versions not specified) SUSE Linux Enterprise versions (affected versions not specified) X.Org X11 server (xserver) versions 7.1-1.1.0 and other versions before 20070403 **Description** The issue involves multiple vulnerabilities in various packages of openSUSE and SUSE Linux Enterprise operating systems, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer overflow in the ALLOCATE LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server allows remote authenticated users to execute arbitrary code via a large expression, resulting in memory corruption. **Recommendations** For openSUSE, update to a version that contains a fix for this vulnerability. For SUSE Linux Enterprise, update to a version that contains a fix for this vulnerability. For X.Org X11 server (xserver), update to a version after 20070403. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected packages, so it is recommended to monitor the official sources for updates.