Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities

This host is installed with Microsoft Office Excel and is prone to multiple remote code execution vulnerabilities. This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902410.

The flaws are due to: - An error in the usage of a specific field used for incrementing an array index. The application will copy the contents of the specified element into a statically sized buffer on the stack. - An error in parsing Office Art record, when parsing an office art object record, if an error occurs, the application will add a stray reference to an element which is part of a linked list. When receiving a window message, the application will proceed to navigate this linked list. This will access a method from the malformed object which can lead to code execution under the context of the application.

Microsoft Office Excel 2010

No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.