SECUNIA ADVISORY ID: SA22339
VERIFY ADVISORY: http://secunia.com/advisories/22339/
CRITICAL: Highly critical
IMPACT: System access
WHERE: >From remote
DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
SOFTWARE:
Microsoft Word 2003 Viewer - http://secunia.com/product/5523/
Microsoft Word 2003 - http://secunia.com/product/4908/
Microsoft Word 2002 - http://secunia.com/product/2150/
Microsoft Word 2000 - http://secunia.com/product/2149/
Microsoft Visio 2003 - http://secunia.com/product/1092/
Microsoft Visio 2002 - http://secunia.com/product/1091/
Microsoft Publisher 2003 - http://secunia.com/product/10986/
Microsoft Publisher 2002 - http://secunia.com/product/30/
Microsoft Publisher 2000 - http://secunia.com/product/29/
Microsoft Project 2003 - http://secunia.com/product/3170/
Microsoft Project 2002 - http://secunia.com/product/157/
Microsoft Project 2000 - http://secunia.com/product/158/
Microsoft Powerpoint 2003 - http://secunia.com/product/5274/
Microsoft PowerPoint 2002 - http://secunia.com/product/2223/
Microsoft PowerPoint 2000 - http://secunia.com/product/3052/
Microsoft Outlook 2003 - http://secunia.com/product/3292/
Microsoft Outlook 2002 - http://secunia.com/product/34/
Microsoft Outlook 2000 - http://secunia.com/product/33/
Microsoft OneNote 2003 - http://secunia.com/product/7140/
Microsoft Office XP - http://secunia.com/product/23/
Microsoft Office X for Mac - http://secunia.com/product/2610/
Microsoft Office 2004 for Mac - http://secunia.com/product/8713/
Microsoft Office 2003 Student and Teacher Edition - http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition - http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition - http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition - http://secunia.com/product/2276/
Microsoft Office 2000 - http://secunia.com/product/24/
Microsoft InfoPath 2003 - http://secunia.com/product/6463/
Microsoft Access 2000 - http://secunia.com/product/36/
Microsoft Access 2002 - http://secunia.com/product/35/
Microsoft Access 2003 - http://secunia.com/product/4904/
Microsoft Excel 2000 - http://secunia.com/product/3054/
Microsoft Excel 2002 - http://secunia.com/product/4043/
Microsoft Excel 2003 - http://secunia.com/product/4970/
Microsoft Excel Viewer 2003 - http://secunia.com/product/7700/
Microsoft Frontpage 2000 - http://secunia.com/product/27/
Microsoft Frontpage 2002 - http://secunia.com/product/26/
Microsoft Frontpage 2003 - http://secunia.com/product/6997/
DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
1) An unspecified boundary error within the parsing of certain strings can be exploited to cause a buffer overflow via a specially crafted Office document.
2) A boundary error when parsing chart records can be exploited to cause a buffer overflow via a specially crafted Office document.
3) An unspecified boundary error when parsing certain records can be exploited to cause a buffer overflow via a specially crafted Office document.
4) A boundary error within the parsing of Smart Tags can be exploited to cause a buffer overflow via a specially crafted Office document.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
SOLUTION: Apply patches.
Microsoft Office 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=E0C7E1E4-7859-4C7E-898E-1CF05014885B
Microsoft Office XP SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=958EE063-D88D-4E45-8555-4D1C4730F5C8
Microsoft Office 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=0D399F68-EC0D-4768-9846-B16B3DADF247
Microsoft Project 2000 SR1: http://www.microsoft.com/downloads/details.aspx?FamilyId=266A9870-CD03-45CA-877B-B5AD2C873FE5
Microsoft Project 2002 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=A77DEA18-D237-4BB0-9464-CE31B6AE52D6
Microsoft Visio 2002 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4B7660-0FC5-43E5-9683-B6DAE96136BB
Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/
Microsoft Office v. X for Mac: http://www.microsoft.com/mac/
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dejun Meng, Fortinet.
2) The vendor credits Arnaud Dovi.
3) The vendor credits Sowhat, Nevis Labs.
ORIGINAL ADVISORY: MS06-062 (KB922581): http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
Microsoft Office Multiple Code Execution VulnerabilitiesPosted on Wednesday, October 11, 2006 @ 02:19:07 CDT in Security |