CERT-In:Indian Computer Emergency Response Team

HOME > ADVISORIES

ADVISORY

CERT-In Advisory CIAD-2010-16
Multiple Vulnerabilities in Microsoft Windows Movie Maker and Microsoft Office Excel

Original issue date: March 10, 2010

Systems Affected

Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7

Components affected

Movie Maker 2.1
Movie Maker 6.0
Microsoft Producer 2003
Microsoft Office Excel

Overview

Multiple remote code execution vulnerabilities in Microsoft Windows Movie Maker and Microsoft Office Excel.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin

Severity

CERT-In Vulnerability Notes

MS10-016: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution

Medium

CIVN-2010-58:
Microsoft Windows Movie Maker and Producer Remote Code Execution Vulnerability

MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

High

CIVN-2010-59:
Microsoft Office Excel Record parsing arbitrary code execution Vulnerability

CIVN-2010-60:
Microsoft Office Excel Record Memory Corruption Vulnerability

CIVN-2010-61:
Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability

CIVN-2010-62:
Microsoft Office Excel Sheet Object Type Confusion Vulnerability

CIVN-2010-63:
Microsoft Excel MDXTUPLE Record Remote Heap Buffer Overflow Vulnerability

CIVN-2010-64:
Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability

CIVN-2010-65:
Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin March 2010
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Advisory CIAD-2010-16 Multiple Vulnerabilities in Microsoft Windows Movie Maker and Microsoft Office Excel

CERT-In Advisory CIAD-2010-16
Multiple Vulnerabilities in Microsoft Windows Movie Maker and Microsoft Office Excel