Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Office multiple security vulnerabilities
updated since 15.12.2010
Published:28.12.2010
Source:
SecurityVulns ID:11307
Type:client
Threat Level:
7/10
Description:Multiple memory corruptions in Publisher, multiple memory corruptions in graphics filters.
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Works 9
 MICROSOFT : Office 2010
CVE:CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability.")
 CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability.")
 CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability.")
 CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability.")
 CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability.")
 CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability.")
 CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability.")
 CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability.")
 CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability.")
 CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability.")
 CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability.")
 CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability.")
Original documentdocumentSECUNIA, Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability (28.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow (22.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows (21.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041) (16.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200) (16.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201) (16.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206) (16.12.2010)
Files:Microsoft Security Bulletin MS10-103 - Important Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
 Microsoft Security Bulletin MS10-105 - Important Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod