Contains vulnerability 30150

[Jay Adam]

Vulnerable Applications........Please Help!!

Hi all,

I recently had Windows XP reinstalled on my PC due to a problem I had, and also had MS Office 2007 installed again.

When I did a system Scan with Kaspersky Internet Security 2009 it made detections which included the following message:

file: c:\...\microsoftoffice\office12\mspub.exe:contains vulnerability 30150

Similar detections were made for Word and Excel with different codes.

I wasn't sure what to do and wanted confirmation, and therefore in System Security Section for Kaspersky, I ran Security Analyzer which also detects vulnerable applications and again the following were highlighted: Word, Excel and Publisher.

They were all marked as very dangerous for "Criticality".

It also gave the following "solution" links for each application:


Word http://www.viruslist.com/en/advisories/30143


Excel http://www.viruslist.com/en/advisories/31454


Publisher http://www.viruslist.com/en/advisories/30150

On the same PC when I had Windows XP and Microsoft Office 2007 previously before reinstallation, Kaspersky never detected this, and my mate who I bought the PC from has assured me that everything was reinstalled safely and is free of viruses.


I'm not sure what this all means or what to do!

Can someone please explain all this to me in simple terms and what I should do??


Thank you!

Kind regards,

Jay

 

[Ian]

It looks like you need to patch your Office installation to the latest version - it's not a virus but a vulnerability which could be exploited.

Depending on which version of office you have, download and run the patch files suggested in the solution section on the page you linked to:

Apply updates.

Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9215ff71-38c0-416a-b89a-fe3474160f41

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b348a518-221e-4567-a797-999715a8b2ef

Microsoft Office 2003 SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c

2007 Microsoft Office System (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550

Microsoft Word Viewer 2003 (optionally with SP3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682
x?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2d718f37-c5d1-4e15-a7e1-5a15fedef52f

Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=99F54471-CCF9-4D94-A882-A05ECD128ADC

Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=395D1487-A3A6-4106-A0F8-4D6E1D6D89D2

It's quite normal for things like this to be discovered every so often - it happens all the time with Adobe Flash, PDF files and other popular applications (especially IE and Firefox).

Your previous installation might not have this flagged as the problem might not have been discovered then, or it was patched automatically via Microsoft Update.

 

[muckshifter]

Go to "Windows Update Site" and signup for Office updates.

Or

Go download This program and check ALL your installed programs, you may be in for a shock.

 

[Jay Adam]

Thank you for your advice guys.

I installed the updates for Publisher and Excel and Kaspersky no longer identifies vulnerabilites for them.


However, for Word 2007, I installed this update:

http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550

yet Kaspersky still identifies it as vulnerable and marks it as very dangerous!


1) Any ideas what I should do?

2) Should it be a cause for concern or do you think I should just leave it?


Thank you!

Jay

 

[muckshifter]

I would have no cause for concern, but if you want a second opinion, pop on over to ...

http://forum.kaspersky.com/

 

[Jay Adam]

Thank you muckshifter.

For reference, here is the response I got from Kaspersky on the matter after I contacted them directly:


Hello,

Essentially the vulnerabilities that you are seeing are not a direct threat to your machine. They are legitimate programs such as Java run time, Microsoft office etc. They have been flagged up as vulnerabilities as your system could be made more secure by updating these Applications. However this is not entirely necessary.

The wording "very/highly" dangerous is slightly over the top and is something we are working to rephrase. I would only be concerned if you have an item highlighted with a red exclamation mark noting "Trojan."

To remove the vulnerabilities please right click the object and "add to exclusions"

Please contact me if you have any further queries.

Best regards,

Kaspersky Lab Support Team