HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
2e4ffbf4438b0b0f934a05ed61e235bf9fb4fcd4accbe0150cd3979ef9ea1104iDefense Security Advisory 08.12.08 - Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This issue exists in the handling of "AxesSet" records within a chart embedded in a spreadsheet. This record is typically used for setting the location and size of a set of axes on a chart. This particular record type is not included in Microsoft's official documentation for the Excel file format. However, the freely available source code for OpenOffice implements this record type. When processing this record, Excel does not validate a value that is used as an index into the array of chart axes. By crafting an Excel spreadsheet (XLS) that contains an out-of-bounds array value, an attacker can cause memory corruption. This leads to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability with Office 2000 SP-3 fully patched as of March 2008. Other versions may also be affected.
b416d10bc128773cd656d2bd0d99254fc25631c8ebb771ae716ff16b3546229f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed