{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Office Excel Viewer 2003 Service Pack ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Excel 2002 Service Pack 3 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office SharePoint Server 2007 x64 Edition ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office SharePoint Server 2007 Service Pack 1 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office 2008 pour Mac.","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office SharePoint Server 2007 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office SharePoint Server 2007 Service Pack 1 x64 Edition ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office Excel Viewer 2003 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office Excel Viewer ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Excel 2003 Service Pack 3 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office Compatibility Pack pour les formats Office 2007 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Excel 2007 Service Pack 1 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Excel 2000 Service Pack 3 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Excel 2007 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office Compatibility Pack pour les formats Office 2007 Service Pack 1 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office 2004 pour Mac ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Excel 2003 Service Pack 2 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l'application\nbureautique Microsoft Excel\u00a0:\n\n-   l'application ne manipule pas correctement les enregistrements\n    FORMAT dans un document Excel servant \u00e0 l'indexation de tables ;\n-   l'application ne manipule pas correctement les enregistrements\n    AxesSet de graphiques inclus dans un document Excel ;\n-   l'application ne traite pas correctement les formats de fichiers\n    BIFF et en particulier les enregistrements COUNTRY ;\n-   l'application ne d\u00e9truit pas correctement la cha\u00eene de caract\u00e8res\n    servant de mot de passe quand le fichier est param\u00e9tr\u00e9 pour ne pas\n    param\u00e9tr\u00e9 pour ne pas enregistrer le mot de passe de session de\n    donn\u00e9es distant.\n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es et provoquer une corruption\nde m\u00e9moire afin d'ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-043 de Microsoft pour\nl'obtention des correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-3004","url":"https://www.cve.org/CVERecord?id=CVE-2008-3004"},{"name":"CVE-2008-3005","url":"https://www.cve.org/CVERecord?id=CVE-2008-3005"},{"name":"CVE-2008-3006","url":"https://www.cve.org/CVERecord?id=CVE-2008-3006"},{"name":"CVE-2008-3003","url":"https://www.cve.org/CVERecord?id=CVE-2008-3003"}],"links":[{"title":"Avis de s\u00e9curit\u00e9 TippingPoint ZDI-08-048 du 12 ao\u00fbt 2008 :","url":"http://www.zerodayinitiative.com/advisories/ZDI-08-048"},{"title":"Avis de s\u00e9curit\u00e9 iDefense du 12 ao\u00fbt 2008 :","url":"http://labs.idefense.com/intelligence/vulnerabilities/"}],"reference":"CERTA-2008-AVI-404","revisions":[{"description":"version initiale.","revision_date":"2008-08-13T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l'application\nbureautique Microsoft Excel. Elles peuvent \u00eatre exploit\u00e9es \u00e0 distance\nvia un fichier sp\u00e9cialement construit afin d'ex\u00e9cuter des commandes\narbitraires sur le syst\u00e8me vuln\u00e9rable sur lequel le document serait\nouvert.\n","title":"Vuln\u00e9rabilit\u00e9s dans Microsoft Excel","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS08-043 du 12 ao\u00fbt 2008","url":"http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx"}]}