Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  DoS против Microsoft Office v. X for Mac

From:MICROSOFT <secure_(at)_microsoft.com>
Date:07.02.2002
Subject:Security Bulletin MS02-002

- ----------------------------------------------------------------------
Title:      Malformed Network Request can cause Office v. X for Mac
           to Fail
Date:       06 February 2002
Software:   Microsoft Office v. X for Mac
Impact:     Denial of Service
Max Risk:   Low
Bulletin:   MS02-002

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-002.asp.
- ----------------------------------------------------------------------

Issue:
======
Office v. X contains a network-aware anti-piracy mechanism that
detects multiple copies of Office using the same product identifier
(PID) running on the local network. This feature, called the Network
Product Identification (PID) Checker, announces Office's own unique
product ID and listens for other announcements at regular intervals.
If a duplicate PID is detected, Office shuts down.

A security vulnerability results because of a flaw in the Network
PID Checker. Specifically, the Network PID Checker doesn't correctly
handle a particular type of malformed announcement - receiving one
causes the Network PID Checker to fail. When the Network PID fails
like this, the Office v. X application will fail as well. If more
than one Office v. X application was running when the packet was
received, the first application launched during the session would
fail. An attacker could use this vulnerability to cause other users'
Office applications to fail, with the loss of any unsaved data.
An attacker could craft and send this packet to a victim's machine
directly, by using the machine's IP address. Or, he could send
this same directive to a broadcast and multicast domain and attack
all affected machines

Mitigating Factors:
====================
- Corporate networks could be protected against Internet-based
  attacks by following standard firewalling practices
  (specifically, blocking ports 2222, those greater than 3000
  traffic).
- Best practices recommends blocking both multicast and broadcast
  packets at the perimeter firewall.
- At best, an attacker could cause the running Office application
  that was loaded first to fail. There is no opportunity for an
  attacker to create, delete, or modify Office data.
- Even a successful attack wouldn't have any effect on the overall
  system, other applications or any Office application beyond the
  first one loaded.

Risk Rating:
============
- Internet systems: None
- Intranet systems: None
- Client systems: Low

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  http://www.microsoft.com/technet/security/bulletin/ms02-002.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- Marty Schoch (mschoch@multicasttech.com)

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod