Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Microsoft Office buffer overflow

  [VulnWatch]  NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability

  SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability

  Microsoft Security Bulletin MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)

  Microsoft Security Bulletin MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)

From:MICROSOFT <secure_(at)_microsoft.com>
Date:11.07.2006
Subject:SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



               Symantec Vulnerability Research
               http://www.symantec.com/research
                       Security Advisory


Advisory ID   : SYMSA-2006-007
Advisory Title: Microsoft Office Malformed String
Parsing
               Vulnerability
Author        : Elia Florio /
[email protected]
Release Date  : 07-11-2006
Application   : Microsoft Office 2000, Office XP
(2002),
               Office 2003
Platform      : Windows
Severity      : Remotely exploitable / User access
Vendor status : Duplicated and verified by
Microsoft,
               patch available
CVE Number    : CVE-2006-1540
Reference     :
http://www.securityfocus.com/bid/18889


Overview:

       There exists an overflow condition in
Microsoft Office
       when a malformed string included in an
Office file is
       parsed by any of the affected Office
applications.


Details:

       The problem resides in the code of
MSO.DLL, a shared
       library used by Office applications, so
the vulnerability
       can be exploited using different attack
vectors.
       For example, the vulnerability can be
exploited using a
       malformed Excel 2003 file. By changing
the size of the
       Unicode "Sheet Name" string with an
incorrect size, it is
       possible to generate an integer overflow
condition. Excel
       2003 will crash while opening the
malformed file due to an
       access violation error with an invalid
value of
       EAX=0xFFFFFFFC.

       MOV EDX,DWORD PTR DS:[EAX-4]
       ADD EAX,-4
       ADD EDX,4


Vendor Response:

       The above vulnerability was addressed for
the affected
       platforms via Microsoft Security Bulletin
MS06-38. If
       there are any further questions about
this statement,
       please contact [email protected]


Recommendation:
       Follow your organization's testing
procedures before
       applying patches or workarounds.
Customers should apply
       Microsoft's update as soon as possible.


Common Vulnerabilities and Exposures (CVE)
Information:

The Common Vulnerabilities and Exposures (CVE)
project has assigned
the following names to these issues.  These are
candidates for
inclusion in the CVE list (http://cve.mitre.org),
which standardizes
names for security problems.

       CVE-2006-1540


- -------Symantec Vulnerability Research Advisory
Information-------

For questions about this advisory, or to report
an error:
[email protected]

For details on Symantec's Vulnerability Reporting
Policy:
http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive:
http://www.symantec.com/research/

Symantec Vulnerability Research GPG Key:
http://www.symantec.com/research/Symantec_Consulting_Services_Advisories_GPG.asc


- -------------Symantec Product Advisory
Information-------------

To Report a Security Vulnerability in a Symantec
Product:
[email protected]

For general information on Symantec's Product
Vulnerability
reporting and response:
http://www.symantec.com/security/

Symantec Product Advisory Archive:
http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key:
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

-
---------------------------------------------------------------

Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert
electronically is granted
as long as it is not edited in any way unless
authorized by
Symantec Consulting Services. Reprinting the
whole or part of
this alert in any medium other than
electronically requires
permission from [email protected]

Disclaimer
The information in the advisory is believed to be
accurate at the
time of publishing based on currently available
information. Use
of the information constitutes acceptance for use
in an AS IS
condition. There are no warranties with regard to
this information.
Neither the author nor the publisher accepts any
liability for any
direct, indirect, or consequential loss or damage
arising from use
of, or reliance on, this information.

Symantec, Symantec products, and Symantec
Consulting Services are
registered trademarks of Symantec Corp. and/or
affiliated companies
in the United States and other countries. All
other registered and
unregistered trademarks represented in this
document are the sole
property of their respective companies/owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)

iD8DBQFEspITuk7IIFI45IARAiJyAJ4gvZGmSFL5B+ZOpCYrq3pXQrH6WgCgjDJu
c6RMB/od64/cLbHSwy3EC/w=
=MYz8
-----END PGP SIGNATURE-----

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod