Ravens PHP Scripts

Microsoft RichEdit OLE Dialog Memory Corruption Vulnerability
Date: Tuesday, February 13, 2007 @ 18:12:55 PST
Topic: Security


SECUNIA ADVISORY ID: SA24152

VERIFY ADVISORY: http://secunia.com/advisories/24152/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: >From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server - http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server - http://secunia.com/product/1177/
Microsoft Windows 2000 Professional - http://secunia.com/product/1/
Microsoft Windows 2000 Server - http://secunia.com/product/20/
Microsoft Windows Server 2003 Datacenter Edition - http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition - http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition - http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition - http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003 - http://secunia.com/product/12399/
Microsoft Windows XP Home Edition - http://secunia.com/product/16/
Microsoft Windows XP Professional - http://secunia.com/product/22/

SOFTWARE:




Microsoft Access 2000 - http://secunia.com/product/36/
Microsoft Access 2002 - http://secunia.com/product/35/
Microsoft Access 2003 - http://secunia.com/product/4904/
Microsoft Excel 2000 - http://secunia.com/product/3054/
Microsoft Excel 2002 - http://secunia.com/product/4043/
Microsoft Excel 2003 - http://secunia.com/product/4970/
Microsoft Frontpage 2000 - http://secunia.com/product/27/
Microsoft Frontpage 2002 - http://secunia.com/product/26/
Microsoft Frontpage 2003 - http://secunia.com/product/6997/
Microsoft InfoPath 2003 - http://secunia.com/product/6463/
Microsoft Office 2000 - http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition - http://secunia.com/product/2276/
Microsoft Office 2003 Proofing Tools - http://secunia.com/product/7426/
Microsoft Visio 2003 - http://secunia.com/product/1092/
Microsoft OneNote 2003 - http://secunia.com/product/7140/
Microsoft Outlook 2000 - http://secunia.com/product/33/
Microsoft Outlook 2002 - http://secunia.com/product/34/
Microsoft Outlook 2003 - http://secunia.com/product/3292/
Microsoft Word 2003 Viewer - http://secunia.com/product/5523/
Microsoft Word 2003 - http://secunia.com/product/4908/
Microsoft Word 2002 - http://secunia.com/product/2150/
Microsoft Word 2000 - http://secunia.com/product/2149/
Microsoft Visio 2002 - http://secunia.com/product/1091/
Microsoft Project 2002 - http://secunia.com/product/157/
Microsoft Project 2003 - http://secunia.com/product/3170/
Microsoft Publisher 2000 - http://secunia.com/product/29/
Microsoft Publisher 2002 - http://secunia.com/product/30/
Microsoft Publisher 2003 - http://secunia.com/product/10986/
Microsoft Office 2004 for Mac - http://secunia.com/product/8713/

DESCRIPTION: A vulnerability has been reported in Microsoft Windows and Microsoft Office, which can be exploited by malicious people to compromise a users system.

The vulnerability is caused due to an error in RichEdit components handling of OLE objects in RTF (Rich Text Format) files. This can be exploited to cause a memory corruption by e.g. tricking a user into opening a malicious RTF document using a Microsoft Office application and interact with a specially crafted, embedded OLE object.

SOLUTION: Apply patches.
Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=0b0b13d3-b2fb-4cf4-8ee1-51871d39eecd
Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=3159428d-7212-4bf0-9699-3dbae5db6ca1
Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=daf2f7ac-20b4-4ec9-9467-2ddd4fc493d6
Microsoft Windows Server 2003 (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=2e8d2355-d5c5-406d-9322-5fe1b2134d2f
Microsoft Windows Server 2003 for Itanium-based Systems (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=ed6dd20f-4c0b-48f7-a1f9-613265506835
Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=3b6ee258-b636-455b-8833-74dea6269e24
Microsoft Office 2000 Service Pack 3: (KB920906) http://www.microsoft.com/downloads/details.aspx?FamilyID=2FF67E78-2A08-45C9-A7AC-09678D060439
Microsoft Office XP Service Pack 3: (KB920816) http://www.microsoft.com/downloads/details.aspx?FamilyId=85C5162C-FC35-40B4-AD04-ADD247950423
Microsoft Office 2003 Service Pack 2: (KB920813) http://www.microsoft.com/downloads/details.aspx?FamilyId=6C3BCAB8-0C99-4BE6-8DE7-71D463473A4A
Microsoft Project 2000 Service Release 1:(KB920906) http://www.microsoft.com/downloads/details.aspx?FamilyId=019B11FC-00B8-451C-AB3C-772780D4C46A
Microsoft Office 2000 Multilanguage Packs: (KB920906) http://www.microsoft.com/downloads/details.aspx?FamilyID=B5A087F8-74D2-4184-9986-23AB3C4EF7F2
Microsoft Project 2002 Service Pack 1: (KB920816) http://www.microsoft.com/downloads/details.aspx?FamilyId=D162C366-C5E7-4850-B773-1FE669FAEEAF
Microsoft Visio 2002 Service Pack 2: (KB920816) http://www.microsoft.com/downloads/details.aspx?FamilyId=B4D2E182-0997-46BC-94AC-B4B0A523C51C
Microsoft Learning Essentials 1.0, 1.1, and 1.5 for Microsoft Office: (KB929437) http://www.microsoft.com/downloads/details.aspx?FamilyId=6215BD5B-1CB3-4FED-B08C-C31A88A75EBD
Microsoft Global Input Method Editor for Office 2000 (Japanese): (KB920906) http://www.microsoft.com/downloads/details.aspx?FamilyID=2FF67E78-2A08-45C9-A7AC-09678D060439
Microsoft Office 2004 for Mac: (KB932185) http://www.microsoft.com/mac/

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Kostya Kortchinsky of Immunity, Inc.
* Fabrice Desclaux of EADS Common Research Center.

ORIGINAL ADVISORY: MS07-013 (KB918118):http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2750