Antivirus and Security Software from Sophos

Psst, Mac user! We have a free Mac anti-virus just for you.

Online support

Product maintenance

Contact support

Support services

Resource centers

UK IT Security Events

Get the low-down on our cup winning security solutions to provide you with a defence dream team

Vulnerability: MS10-038 - Vulnerabilities in Microsoft Office Excel Could Allow Remove Code Execution (2027452)

Back to Latest vulnerabilities homepage

Click any highlighted term for further explanation.

Details
Vulnerability name/brief description

MS10-038 - Vulnerabilities in Microsoft Office Excel Could Allow Remove Code Execution (2027452)

CVE/CAN name CVE-2010-0821
CVE-2010-0822
CVE-2010-0823
CVE-2010-0824
CVE-2010-1245
CVE-2010-1246
CVE-2010-1247
CVE-2010-1248
CVE-2010-1249
CVE-2010-1250
CVE-2010-1251
CVE-2010-1252
CVE-2010-1253
CVE-2010-1254
Vendor threat level Important
SophosLabs threat level Medium
Solution

MS10-038

Vendor description Covers fourteen reported vulnerabilities in Microsoft Excel. Most of those vulnerabilities involve remote code execution.
SophosLabs comments Multiple Vulnerabilities in Microsoft Excel, which could lead to remote code execution via specially crafted Excel files, are addressed by this update. Considering the popularity of Microsoft Excel and the number of vulnerabilities addressed in combination of no currently known samples and that all vulnerabilities where disclosed privately, Sophos classifies this risk as 'Medium'.
SophosLabs testing result N/A
Currently known exploits At the time of writing SophosLabs have not observed any malware attempting to exploit this vulnerability. Should this situation change samples will be analyzed and we will take action as necessary.
First sample seen N/A
Discovery date 8th June 2010
Affected software Microsoft Excel 2002 Service Pack 3
Microsoft Excel 2003 Service Pack 3
Microsoft Excel 2007 Service Packs 1 and 2
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Excel Viewer Service Packs 1 and 2
Microsoft Office Compatibility Pack for Word, Excel and Powerpoint 2007 Service Packs 1 and 2
References http://www.microsoft.com/technet/security/bulletin/MS10-038.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1254
Credits Microsoft MAPP
Revisions 8th June 2010 - Initial analysis written

Explanation of terms

Vulnerability Name/Brief Description:
Vendor identifier plus a brief description of the type of attack.

CVE/CAN Name:
Currently assigned CVE name. If a CVE name doesn't exist the CAN name will be used until a CVE has been assigned.

Vendor Threat Level:
Threat level assigned by the vendor

SophosLabs Threat Level:
Threat level assigned by SophosLabs

  • LOW RISK - There is little chance of this vulnerability being actively exploited by malware.
  • MEDIUM RISK - There is a possibility of this vulnerability being actively exploited by malware.
  • HIGH RISK - There is a strong possibility of this vulnerability being actively exploited by malware.
  • CRITICAL RISK - This vulnerability will almost certainly be actively exploited by malware.

Solution:
Vendor-supplied Patch identifier and recommended solution, or workaround if applicable.

Vendor Description:
Summary of the cause and potential effect of the vulnerability provided by the vendor.

SophosLabs Comments:
SophosLabs' opinions and observations of the vulnerability in question.

SophosLabs Testing Result:
Details of completed lab testing, if applicable. Please note that the lab test environment may differ significantly from user environments.

Currently Known Exploits:
List of identities for known exploits, if applicable.

First Sample Seen:
Date of the first sample seen by SophosLabs.

Discovery Date:
Date of the earliest known publically disclosed advisory.

Affected Software:
Vulnerable platforms and software versions.

If you need more information or guidance, then please contact technical support.