TITLE: Microsoft Office Multiple Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA22339
VERIFY ADVISORY: http://secunia.com/advisories/22339/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Word 2003 Viewer http://secunia.com/product/5523/ Microsoft Word 2003 http://secunia.com/product/4908/ Microsoft Word 2002 http://secunia.com/product/2150/ Microsoft Word 2000 http://secunia.com/product/2149/ Microsoft Visio 2003 http://secunia.com/product/1092/ Microsoft Visio 2002 http://secunia.com/product/1091/ Microsoft Publisher 2003 http://secunia.com/product/10986/ Microsoft Publisher 2002 http://secunia.com/product/30/ Microsoft Publisher 2000 http://secunia.com/product/29/ Microsoft Project 2003 http://secunia.com/product/3170/ Microsoft Project 2002 http://secunia.com/product/157/ Microsoft Project 2000 http://secunia.com/product/158/ Microsoft Powerpoint 2003 http://secunia.com/product/5274/ Microsoft PowerPoint 2002 http://secunia.com/product/2223/ Microsoft PowerPoint 2000 http://secunia.com/product/3052/ Microsoft Outlook 2003 http://secunia.com/product/3292/ Microsoft Outlook 2002 http://secunia.com/product/34/ Microsoft Outlook 2000 http://secunia.com/product/33/ Microsoft OneNote 2003 http://secunia.com/product/7140/ Microsoft Office XP http://secunia.com/product/23/ Microsoft Office X for Mac http://secunia.com/product/2610/ Microsoft Office 2004 for Mac http://secunia.com/product/8713/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/ Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/ Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/ Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/ Microsoft Office 2000 http://secunia.com/product/24/ Microsoft InfoPath 2003 http://secunia.com/product/6463/ Microsoft Access 2000 http://secunia.com/product/36/ Microsoft Access 2002 http://secunia.com/product/35/ Microsoft Access 2003 http://secunia.com/product/4904/ Microsoft Excel 2000 http://secunia.com/product/3054/ Microsoft Excel 2002 http://secunia.com/product/4043/ Microsoft Excel 2003 http://secunia.com/product/4970/ Microsoft Excel Viewer 2003 http://secunia.com/product/7700/ Microsoft Frontpage 2000 http://secunia.com/product/27/ Microsoft Frontpage 2002 http://secunia.com/product/26/ Microsoft Frontpage 2003 http://secunia.com/product/6997/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) An unspecified boundary error within the parsing of certain strings can be exploited to cause a buffer overflow via a specially crafted Office document. 2) A boundary error when parsing chart records can be exploited to cause a buffer overflow via a specially crafted Office document. 3) An unspecified boundary error when parsing certain records can be exploited to cause a buffer overflow via a specially crafted Office document. 4) A boundary error within the parsing of Smart Tags can be exploited to cause a buffer overflow via a specially crafted Office document. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Microsoft Office 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=E0C7E1E4-7859-4C7E-898E-1CF05014885B Microsoft Office XP SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=958EE063-D88D-4E45-8555-4D1C4730F5C8 Microsoft Office 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=0D399F68-EC0D-4768-9846-B16B3DADF247 Microsoft Project 2000 SR1: http://www.microsoft.com/downloads/details.aspx?FamilyId=266A9870-CD03-45CA-877B-B5AD2C873FE5 Microsoft Project 2002 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=A77DEA18-D237-4BB0-9464-CE31B6AE52D6 Microsoft Visio 2002 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=FD4B7660-0FC5-43E5-9683-B6DAE96136BB Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/ Microsoft Office v. X for Mac: http://www.microsoft.com/mac/ ORIGINAL ADVISORY: MS06-062 (KB922581): http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
