Microsoft Office Malformed Record Memory Corruption Vulnerability
By Sowhat of Nevis Labs 2006.10.10 http://www.nevisnetworks.com http://secway.org/advisory/AD20061010.txt Vendor Microsoft Inc. Affected: Microsoft Office 2000 Service Pack 3 Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 1 or Service Pack 2 Microsoft PowerPoint 2000 SP3 Microsoft PowerPoint XP SP3 Microsoft PowerPoint 2003 SP1, SP2 Remote: YES Exploitable: maybe ;) CVE: CVE-2006-3864 Overview: This vulnerability allows remote attackers to execute arbitrary code in the context of the logged in user. An array boundary condition may be violated by a malicious Microsoft Office (DOC/PPT/XLS) file in order to redirect execution into attacker-supplied data. Exploitation requires that the attacker coerce or persuade the victim to open a malicious Microsoft Office file. (Not)Details: The specific flaw lies with in the Office binary mso.dll. There will be a memory corruption during the analysis of a malformed Microsoft Office File. Microsoft said "We have confirmed that the issue you reported to us is potentially exploitable" Because there are too many boring MS OFFICE vulnerabilities released this year, I am boring to write an technical advisory and I believe that nobody is interested in that. So I just post this advisory for record purpose only ;) Sorry. POC: No POC will be supplied Fix: Microsoft has released an update for Microsoft Office which is set to address this issue. This can be downloaded from: http://www.microsoft.com/technet/security/bulletin/MS06-062.mspx Vendor Response: 2006.07.14 Vendor notified via [EMAIL PROTECTED] 2006.07.15 Vendor responded 2006.10.10 Vendor released MS06-062 patch 2006.10.10 Advisory released Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-3864 Greetings to Becky, TY Reference: 1. http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx 2. http://secway.org/vuln.htm 3. http://secway.org/advisory/AD20061010.txt -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
