The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. This security update resolves eight privately reported vulnerabilities in Microsoft Office. Version: 1.1 General Information Executive Summary Security Bulletin Microsoft Security Bulletin MS11-045 - Important Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |