Ravens PHP Scripts

Microsoft Office Unspecified String Handling Vulnerability
Date: Sunday, February 04, 2007 @ 09:39:11 PST
Topic: Security


SECUNIA ADVISORY ID: SA24008

VERIFY ADVISORY: http://secunia.com/advisories/24008/

CRITICAL: Extremely critical

IMPACT: System access

SOFTWARE:
Microsoft Office XP - http://secunia.com/product/23/
Microsoft Office 2004 for Mac - http://secunia.com/product/8713/
Microsoft Office 2003 Student and Teacher Edition - http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition - http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition - http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition - http://secunia.com/product/2276/
Microsoft Office 2000 - http://secunia.com/product/24/
Microsoft Excel 2003 - http://secunia.com/product/4970/
Microsoft Excel 2002 - http://secunia.com/product/4043/
Microsoft Excel 2000 - http://secunia.com/product/3054/

DESCRIPTION: A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.


The vulnerability is caused due to an unspecified error when handling strings and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitary code.

NOTE: According to Microsoft, the vulnerability is currently being actively exploited via Excel, but other Office applications may also be affected.

SOLUTION: Do not open untrusted Office documents.

PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.

ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/932553.mspx






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2726