Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Wed, 09 Oct 2013 11:49:49 +0200
Type : VULN
Sujet : CERT-Renater : 2013/VULN448 (Microsoft : Important Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution)
====================================================================
                           CERT-Renater

               Note d'Information No. 2013/VULN448
_____________________________________________________________________

DATE                : 09/10/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running

                    Microsoft Excel,
                    Microsoft Office version 2007, 2010, 2013, for Mac,
                    Microsoft Excel Viewer,
                    Microsoft Office Compatibility Pack.

======================================================================
KB2885080
https://technet.microsoft.com/en-us/security/bulletin/ms13-085
______________________________________________________________________

Microsoft Security Bulletin MS13-085 - Important Vulnerabilities in
Microsoft Excel Could Allow Remote Code Execution (2885080)

Published: Tuesday, October 08, 2013

Version: 1.0


General Information

Executive Summary

This security update resolves two privately reported vulnerabilities in
Microsoft Office. The vulnerabilities could allow remote code execution
if a user opens a specially crafted Office file with an affected
version of Microsoft Excel or other affected Microsoft Office software.
An attacker who successfully exploited the vulnerabilities could gain
the same user rights as the current user. Users whose accounts are
configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.

This security update is rated Important for all supported editions of
Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013,
Microsoft Office 2013 RT, and Microsoft Office for Mac 2011. The update
is also rated Important for supported versions of Microsoft Excel
Viewer and Microsoft Office Compatibility Pack.


Affected Software

Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac
Microsoft Excel Viewer
Microsoft Office Compatibility Pack Service Pack 3


Vulnerability Information

Microsoft Excel Memory Corruption Vulnerability - CVE-2013-3889

A remote code execution vulnerability exists in the way that Microsoft
Excel parses content in Excel files. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.


Microsoft Excel Memory Corruption Vulnerability - CVE-2013-3890

A remote code execution vulnerability exists in the way that Microsoft
Excel parses content in Excel files. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================

[An attachment of type application/pkcs7-signature was included here]