Published: 2008-03-15T12:16+00:00
Last Updated: 2008-05-07T08:00+00:00
TRTA08-071A
Microsoft Updates for Multiple Vulnerabilities
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components.
Event Information
| Date (UTC) | Description |
| 2008-03-30 |
Bugtraq Microsoft Office XP SP3 PPT File Buffer Overflow Exploit (ms08-016) Vulnerability Proof Of Concept (Microsoft Office Memory Corruption Vulnerability - MS08-016) #Cid: 28146.tgz #Cid: 2008-ms08-016.tgz #Tested: Office XP SP3 |
| 2008-03-21 07:34 |
Bugtraq Microsoft Office Excel Code Execution Exploit (MS08-014) Vulnerability Proof Of Concept (Vulnerabilities in Microsoft Excel - MS08-014) #Cid: zha0_ms08_014.rar #Cid: 2008-zha0_ms08_014.rar #Tested: Windows XP SP2 + Office 2003 |
| 2008-03-13 22:00 |
Symantec ThreatCON (2) => (1) Microsoft released four security bulletins for March 2008, patching various critical vulnerabilities. Patches have been available for over 24 hours and none of the issues are being leveraged in the wild. |
| 2008-03-13 01:57 |
Microsoft Microsoft Security Advisory (947563): Vulnerability in Microsoft Excel Could Allow Remote Code Execution Macro Validation Vulnerability (MS08-014, CVE-2008-0081) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-014 to address this issue. |
| 2008-03-12 02:01 |
JPCERT/CC JPCERT-AT-2008-0004: Mar 2008 Microsoft Security Bulletin (including four critical patches) |
| 2008-03-11 21:12 |
Microsoft MS08-MAR: Microsoft Security Bulletin Summary for March 2008 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2008-03-11 21:07 |
US-CERT TRTA08-071A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2008-03-11 18:00 |
Symantec ThreatCON (1) => (2) |
| 2008-03-11 17:54 |
US-CERT Microsoft Releases March Security Bulletin US-CERT Current Activity Microsoft has released updates to address vulnerabilities in Microsoft Excel, Outlook, Office, and Office Web Components as part of the Microsoft Security Bulletin Summary for March 2008. All of these vulnerabilities could allow an attacker to execute arbitrary code. |
| 2008-03-11 |
SANS Internet Storm Center March Black Tuesday Overview Overview of the March 2008 Microsoft patches and their status. |
| 2008-03-10 19:25 |
US-CERT Trojan Exploiting Microsoft Excel Vulnerability US-CERT Current Activity US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system. |
| 2008-03-10 |
Websense Inc. Microsoft Excel High-risk Zero-day Vulnerability Excel Conditional Formatting Vulnerability (CVE-2008-0117, MS08-014) |
| 2008-03-10 |
SANS Internet Storm Center Active exploitation of Excel vulnerability The US-CERT has published a warning on active exploitation of a vulnerability in Microsoft Excel, described in Microsoft Security Advisory 947563. We can confirm these attacks and have been tracking several exploits over the last few days. |
| 2008-03-05 |
Symantec Trojan.Mdropper.AA Exploit for Macro Validation Vulnerability (MS08-014, CVE-2008-0081) |
| 2008-03-03 |
Trend Micro TROJ_MDROP.AH Exploit for Macro Validation Vulnerability (MS08-014, CVE-2008-0081) |
| 2008-02-12 |
IBM Internet Security Systems Microsoft Excel Remote Code Execution Vulnerability Macro Validation Vulnerability (MS08-014, CVE-2008-0081) Microsoft Excel could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified error in the handling of Excel files. |
| 2008-01-16 06:39 |
Microsoft Microsoft Security Advisory (947563): Vulnerability in Microsoft Excel Could Allow Remote Code Execution Macro Validation Vulnerability (MS08-014, CVE-2008-0081) |
| 2008-01-16 02:54 |
SANS Internet Storm Center New MS Excel vulnerability could allow remote code execution Microsoft has just released an advisory and blog entry on a newly discovered vulnerability in MS Excel products. The vulnerability is, according to the blog, already actively exploited by targeted attacks. Excel 2003SP3 and Excel 2007 are not affected, but most other versions are. |
| 2008-01-10 |
McAfee Exploit-MSExcel.p |
| 2007-10-17 |
TippingPoint TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability Excel Rich Text Validation Vulnerability (CVE-2008-0116, MS08-014) Vulnerability Reported |
| 2007-07-27 |
iDefense Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability Excel Formula Parsing Vulnerability (MS08-014, CVE-2008-0115) Vulnerability Reported This vulnerability specifically exists due to the improper handling of malformed formulas. By creating a document containing a specially crafted formula, an attacker is able to cause memory corruption that leads to arbitrary code execution. |
| 2007-07-03 |
iDefense Microsoft Outlook mailto Command Line Switch Injection Outlook URI Vulnerability (MS08-015, CVE-2008-0110) Vulnerability Reported Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow arbitrary code execution. It is possible to construct a "mailto" URI which causes the web browser to pass extra command line switches to Outlook. These switches can modify Outlook's account configuration. |
| 2007-05-22 |
Zero Day Initiative (ZDI) ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability Microsoft Office Cell Parsing Memory Corruption Vulnerability (MS08-016, CVE-2008-0113) Vulnerability Reported This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. |
| 2007-05-09 |
iDefense Microsoft Excel DVAL Heap Corruption Vulnerability Excel Data Validation Record Vulnerability (MS08-014, CVE-2008-0111) Vulnerability Reported The vulnerability exists in the handling of DVAL records in BIFF8 format spreadsheet files. When certain fields are set to invalid values, heap corruption occurs. |