Microsoft Works File Converter File Parsing Vulnerabilities

Posted on Tuesday, February 12, 2008 @ 16:28:21 PST in Security
by Raven

SECUNIA ADVISORY ID: SA28904

VERIFY ADVISORY: http://secunia.com/advisories/28904/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE:
Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/
Microsoft Works 8.x http://secunia.com/product/7215/
Microsoft Works Suite 2005 http://secunia.com/product/8711/

DESCRIPTION: Some vulnerabilities have been reported in Microsoft Office and Microsoft Works, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.


1) An error in the Works File Converter when processing section length headers can be exploited via a specially crafted Works (.wps) file.
2) An error in the Works File Converter when processing section header index table information can be exploited via a specially crafted Works (.wps) file.
3) An error in the Works File Converter when processing field length information can be exploited via a specially crafted Works (.wps) file.

SOLUTION: Apply patches.
Microsoft Office 2003 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Microsoft Office 2003 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Microsoft Works 8.0: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Microsoft Works Suite 2005: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286

PROVIDED AND/OR DISCOVERED BY: The vendor credits
Damian Put via VeriSign iDefense VCP.
IBM ISS X-Force.
VeriSign iDefense VCP.

ORIGINAL ADVISORY: MS08-011 (KB947081): http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx
 
 
click Related        click Share
 
 
Associated Topics

Microsoft
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 361,880,674
  • Today: 102,062
Server InfoServer Info
  • Jul 18, 2018
  • 10:56 pm PDT
 
 

Daily Inspiration