top of page

Sugar Reset 🚫🍫

Public·11 members
Dobrynya Shiryaev
Dobrynya Shiryaev

Microsoft Office Standard For Mac 2011


Go to Download Earlier Versions of Office on the Microsoft page at: www.microsoft.com/software-download/office. It is important you only trust official sites from Microsoft or when reinstalling the product. Check the website address before proceeding to download.




Microsoft Office Standard For Mac 2011



Microsoft Jscript and VBscript engines are prone to a remote code execution vulnerability that is caused by the way JScript and VBScript scripting engines process scripts in Web pages. When the scripting engines attempt to reallocate memory while decoding a script in order to run it, an integer overflow can occur.Affected Software:JScript 5.7 and VBScript 5.7JScript 5.8 and VBScript 5.8JScript 5.6 and VBScript 5.6Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):April Security Updates for XP Embedded SP3 and Standard 2009 Are Now on ECE (KB2514666, 2510531, 2510581)August Security Updates for XPe SP3 and Standard 2009 Are Now on ECE (KB2510581)ConsequenceAn attacker who successfully exploits this vulnerability could run arbitrary code in the context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3 (JScript 5.7 and VBScript 5.7)Windows XP Service Pack 3 (JScript 5.8 and VBScript 5.8)Windows XP Professional x64 Edition Service Pack 2 (JScript 5.6 and VBScript 5.6)Windows XP Professional x64 Edition Service Pack 2 (JScript 5.7 and VBScript 5.7)Windows XP Professional x64 Edition Service Pack 2 (JScript 5.8 and VBScript 5.8)Windows Server 2003 Service Pack 2 (JScript 5.6 and VBScript 5.6)Windows Server 2003 Service Pack 2 (JScript 5.7 and VBScript 5.7)Windows Server 2003 Service Pack 2 (JScript 5.8 and VBScript 5.8)Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.6 and VBScript 5.6)Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.7 and VBScript 5.7)Windows Server 2003 x64 Edition Service Pack 2 (JScript 5.8 and VBScript 5.8)Windows Server 2003 with SP2 for Itanium-based Systems (JScript 5.6 and VBScript 5.6)For a complete list of patch download links, please refer to Microsoft Security Bulletin MS11-031.Workaround:1) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting2) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zoneImpact of workarounds #1 and #2: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.Microsoft Internet Explorer Cumulative Security Update (MS11-018)SeverityCritical4Qualys ID100099Vendor ReferenceMS11-018CVE ReferenceCVE-2011-0094, CVE-2011-0346, CVE-2011-1244, CVE-2011-1245, CVE-2011-1345CVSS ScoresBase 9.3 / Temporal 7.7DescriptionMicrosoft Internet Explorer is a Web browser available for Microsoft Windows. Microsoft has released a security update that resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, content during certain processes, and script during certain processes. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers.Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):April Security Updates for XP Embedded SP3 and Standard 2009 Are Now on ECE (KB2497640)ConsequenceThe most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploits any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3 (Internet Explorer 6)Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)Windows Server 2003 Service Pack 2 (Internet Explorer 6)Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)Windows XP Service Pack 3 (Internet Explorer 7)Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)Windows Server 2003 Service Pack 2 (Internet Explorer 7)Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)Windows Vista Service Pack 1 and Windows Vista Service Pack 2 (Internet Explorer 7)Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 (Internet Explorer 7)Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 7)Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 7)Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 (Internet Explorer 7)For a complete list of patch download links, please refer to Microsoft Security Bulletin MS11-018.Workaround:1) Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting2) Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zoneImpact of workarounds #1 and #2: On visiting Web sites on the Internet or Intranet that use ActiveX or Active Scripting to provide additional functionality, you will be prompted frequently when you enable this workaround.3) Read e-mails in plain textMicrosoft SMB Client Remote Code Execution Vulnerability (MS11-019)SeverityCritical4Qualys ID90692Vendor ReferenceMS11-019CVE ReferenceCVE-2011-0654, CVE-2011-0660CVSS ScoresBase 10 / Temporal 8.3DescriptionMicrosoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows. Microsoft SMB Client is prone to a remote code execution vulnerability.Microsoft has released a security update that addresses the vulnerabilities by correcting the manner in which the CIFS Browser handles specially crafted Browser messages, and correcting the manner in which the SMB client validates specially crafted SMB responses.This security update is rated Critical for all supported releases of Microsoft Windows.Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):April Security Updates for XP Embedded SP3 and Standard 2009 Are Now on ECE (KB2511455)ConsequenceThe vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 with SP2 for Itanium-based SystemsWindows Vista Service Pack 1 and Windows Vista Service Pack 2Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2Windows 7 for 32-bit SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Refer to Microsoft Security Bulletin MS11-019 for further details.Workaround:1) Block TCP ports 138 at the firewallImpact of workaround #1: Applications that rely on the Computer Browser service will not function.2) TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability. Impact of workaround #2: Blocking the ports can cause several windows services or applications using those ports to stop functioning.Microsoft SMB Server Remote Code Execution Vulnerability (MS11-020)SeverityUrgent5Qualys ID90699Vendor ReferenceMS11-020CVE ReferenceCVE-2011-0661CVSS ScoresBase 10 / Temporal 7.4DescriptionMicrosoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows. An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. The vulnerability is caused when the Microsoft SMB Protocol software improperly handles SMB packets, including some preauthentication scenarios. This vulnerability affects SMB version 1 and SMB version 2.Microsoft has released a security update that addresses the vulnerability by correcting the way that SMB validates fields in malformed SMB requests.This security update is rated Critical for all supported releases of Microsoft Windows. Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):April Security Updates for XP Embedded SP3 and Standard 2009 Are Now on ECE (KB2508429)ConsequenceSuccessful exploitation could lead to arbitrary execution of code.SolutionPatch:Following are links for downloading patches to fix this vulnerability:Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 with SP2 for Itanium-based SystemsWindows Vista Service Pack 1 and Windows Vista Service Pack 2Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2Windows 7 for 32-bit SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for Itanium-based SystemsWindows Server 2008 R2 for Itanium-based Systems Service Pack 1Refer to Microsoft Security Bulletin MS11-020 for further details.Workaround:1) TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability. Impact of workaround #1: Blocking the ports can cause several windows services or applications using those ports to stop functioning.Microsoft Excel Remote Code Execution Vulnerabilities (MS11-021)SeverityCritical4Qualys ID110132Vendor ReferenceMS11-021CVE ReferenceCVE-2011-0097, CVE-2011-0098, CVE-2011-0101, CVE-2011-0103, CVE-2011-0104, CVE-2011-0105, CVE-2011-0978, CVE-2011-0979, CVE-2011-0980CVSS ScoresBase 9.3 / Temporal 7.7DescriptionMicrosoft Excel is a proprietary spreadsheet application written and distributed by Microsoft.Microsoft Excel is vulnerable to multiple remote code execution vulnerabilities. Microsoft has released an update that addresses the vulnerability by correcting the way that Microsoft Excel manages data structures, validates record information, initializes variables used in memory operations, and allocates buffer space when parsing a specially crafted file.This security update is rated Important for all supported editions of Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; Open XML File Format Converter for Mac; and all supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.ConsequenceAn attacker who successfully exploits these vulnerabilities could take complete control of an affected system.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Office XP Service Pack 3 (Microsoft Excel 2002 Service Pack 3)Microsoft Office 2003 Service Pack 3 (Microsoft Excel 2003 Service Pack 3)Microsoft Office 2007 Service Pack 2 (Microsoft Excel 2007 Service Pack 2)Microsoft Office 2010 (32-bit editions) (Microsoft Excel 2010 (32-bit editions))Microsoft Office 2010 (64-bit editions) (Microsoft Excel 2010 (64-bit editions))Microsoft Office 2004 for MacMicrosoft Office 2008 for MacMicrosoft Office for Mac 2011Open XML File Format Converter for MacMicrosoft Excel Viewer Service Pack 2Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2Refer to Microsoft Security Bulletin MS11-021 for further details.Workaround:1) Avoid opening Office files received from un-trusted sources.2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Information on MOICE can be found at KB935865.Impact of workaround #2:Office 2003 and earlier formatted documents that are converted to the 2007 Microsoft Office System Open XML format by MOICE lose their macro functionality. Documents protected with passwords and Digital Rights Management cannot be converted.3) Microsoft Office File Block policy should be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources. The following registry scripts can be used to set the File Block policy.Impact of workaround #3:If File Block policy is configured without special "exempt directory" configuration (see KB922848), Office 2003 files or earlier versions will not open in Office 2003 or 2007 Microsoft Office System.Microsoft PowerPoint Remote Code Execution Vulnerability (MS11-022)SeverityCritical4Qualys ID110148Vendor ReferenceMS11-022CVE ReferenceCVE-2011-0655, CVE-2011-0656, CVE-2011-0976CVSS ScoresBase 9.3 / Temporal 7.7DescriptionMicrosoft PowerPoint is a proprietary presentation application written and distributed by Microsoft.PowerPoint is prone to multiple vulnerabilities that could lead to remote code execution (CVE-2011-0655, CVE-2011-0656, CVE-2011-0976).Microsoft has released a security update that addresses the vulnerabilities by modifying the way PowerPoint validates records when opening PowerPoint filesThis security update is rated Important for all supported releases of Microsoft PowerPoint; Microsoft Office for Mac; Open XML File Format Converter for Mac; Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats; Microsoft PowerPoint Viewer, and Microsoft PowerPoint Web AppConsequenceAn attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Office XP Service Pack 3 (Microsoft PowerPoint 2002 Service Pack 3)Microsoft Office 2003 Service Pack 3 (Microsoft PowerPoint 2003 Service Pack 3)Microsoft Office 2007 Service Pack 2 (Microsoft PowerPoint 2007 Service Pack 2)Microsoft Office 2010 (32-bit editions) (Microsoft PowerPoint 2010 (32-bit editions))Microsoft Office 2010 (64-bit editions) (Microsoft PowerPoint 2010 (64-bit editions))Microsoft Office 2004 for MacMicrosoft Office 2008 for MacMicrosoft Office for Mac 2011Open XML File Format Converter for MacMicrosoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2Microsoft PowerPoint Viewer 2007 Service Pack 2Refer to Microsoft Security Bulletin MS11-022 for further details.Workaround:1) Avoid opening Office files received from un-trusted sources.2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files. Information on MOICE can be found at KB935865.Impact of workaround #2: Office 2003 and earlier formatted documents that are converted to the 2007 Microsoft Office System Open XML format by MOICE lose their macro functionality. Documents protected with passwords and Digital Rights Management cannot be converted.3) Microsoft Office File Block policy should be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources.Impact of workaround #3: If File Block policy is configured without special "exempt directory" configuration (see KB922848), Office 2003 files or earlier versions will not open in Office 2003 or 2007 Microsoft Office System.4) Set Office File Validation to disable editing in protected view in PowerPoint 2010.Impact of workaround #4: Office File Validation will no longer allow the editing of suspicious files in PowerPoint 2010.Microsoft Office Remote Code Execution Vulnerability (MS11-023)SeverityUrgent5Qualys ID110146Vendor ReferenceMS11-023CVE ReferenceCVE-2011-0107, CVE-2011-0977CVSS ScoresBase 9.3 / Temporal 7.7DescriptionMicrosoft Office is prone to the following vulnerabilities:- A remote code execution vulnerability exists in the way that Microsoft Office handles the loading of DLL files. (CVE-2011-0107)- A remote code execution vulnerability exists in the way that Microsoft Office handles graphic objects when parsing a specially crafted Office file. (CVE-2011-0977)Microsoft has released an update that addresses the vulnerabilities by correcting the way that Microsoft Office handles graphic objects in specially crafted Office files and by correcting the manner in which Microsoft Office loads external libraries.This security update is rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; and Open XML File Format Converter for Mac.ConsequenceBy exploiting these vulnerabilities, an attacker could take complete control of an affected system.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Office XP Service Pack 3Microsoft Office 2003 Service Pack 3Microsoft Office 2007 Service Pack 2Microsoft Office 2004 for MacMicrosoft Office 2008 for MacOpen XML File Format Converter for MacRefer to Microsoft Security Bulletin MS11-023 for further details.Workaround:1) Avoid opening Office files received from un-trusted sources.2) Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources because it protects Office 2003 installations by more securel


About

Welcome to the group! You can connect with other members, ge...

Members

  • LifeAtSHP
  • William Ong
    William Ong
  • Airam Rojas Zerpa
    Airam Rojas Zerpa
  • Otto Zykov
    Otto Zykov
  • Ezekiel Wood
    Ezekiel Wood
bottom of page