![]() The Powerpoint vulnerability is caused by a heap overflow. The problem stems from pointer arithmetic that can be manipulated by a malformed spreadsheet. The Excel vulnerability is currently being exploited in the wild with the Mdropper Trojan, which has been associated with a large number of compound document attacks in recent months. This bulletin covers remote code execution vulnerabilities in Powerpoint and Excel. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Users who are unable to upgrade should apply the update from MS09-034. ![]() An attacker could then install programs view, change, or delete data or create new accounts with full user rights. Microsoft recommends that all users of Microsoft Visio Viewer 2002 and Microsoft Visio Viewer 2003 upgrade to the latest version of Microsoft Visio Viewer 2007 to address this vulnerability. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |