Microsoft Office Unspecified String Handling Vulnerability

Posted on Sunday, February 04, 2007 @ 10:39:11 PST in Security
by Raven

SECUNIA ADVISORY ID: SA24008

VERIFY ADVISORY: http://secunia.com/advisories/24008/

CRITICAL: Extremely critical

IMPACT: System access

SOFTWARE:
Microsoft Office XP - http://secunia.com/product/23/
Microsoft Office 2004 for Mac - http://secunia.com/product/8713/
Microsoft Office 2003 Student and Teacher Edition - http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition - http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition - http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition - http://secunia.com/product/2276/
Microsoft Office 2000 - http://secunia.com/product/24/
Microsoft Excel 2003 - http://secunia.com/product/4970/
Microsoft Excel 2002 - http://secunia.com/product/4043/
Microsoft Excel 2000 - http://secunia.com/product/3054/

DESCRIPTION: A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error when handling strings and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitary code.

NOTE: According to Microsoft, the vulnerability is currently being actively exploited via Excel, but other Office applications may also be affected.

SOLUTION: Do not open untrusted Office documents.

PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.

ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/932553.mspx
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,375,552
  • Today: 30,556
Server InfoServer Info
  • Jan 22, 2018
  • 02:34 pm PST
 
 

Daily Inspiration