ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability



> -----Original Message-----
> From: research@xxxxxxxxxxxx [mailto:research@xxxxxxxxxxxx] 
> Sent: Monday, July 10, 2006 9:44 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: SYMSA-2006-007: Microsoft Office Malformed String 
> Parsing Vulnerability
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
>               Symantec Vulnerability Research
>               http://www.symantec.com/research
>                       Security Advisory
> 
> 
> Advisory ID   : SYMSA-2006-007
> Advisory Title: Microsoft Office Malformed String Parsing
>               Vulnerability
> Author        : Elia Florio / elia_florio@xxxxxxxxxxxx
> Release Date  : 07-11-2006
> Application   : Microsoft Office 2000, Office XP (2002),
>               Office 2003
> Platform      : Windows
> Severity      : Remotely exploitable / User access
> Vendor status : Duplicated and verified by Microsoft,
>               patch available
> CVE Number    : CVE-2006-1540
> Reference     : http://www.securityfocus.com/bid/18889
> 
> 
> Overview:
> 
>       There exists an overflow condition in Microsoft Office
>       when a malformed string included in an Office file is
>       parsed by any of the affected Office applications.
> 
> 
> Details:
> 
>       The problem resides in the code of MSO.DLL, a shared
>       library used by Office applications, so the vulnerability
>       can be exploited using different attack vectors.
>       For example, the vulnerability can be exploited using a
>       malformed Excel 2003 file. By changing the size of the
>       Unicode "Sheet Name" string with an incorrect size, it is
>       possible to generate an integer overflow condition. Excel
>       2003 will crash while opening the malformed file due to an
>       access violation error with an invalid value of
>       EAX=0xFFFFFFFC.
> 
>       MOV EDX,DWORD PTR DS:[EAX-4]
>       ADD EAX,-4
>       ADD EDX,4
> 
> 
> Vendor Response:
> 
>       The above vulnerability was addressed for the affected
>       platforms via Microsoft Security Bulletin MS06-38. If
>       there are any further questions about this statement,
>       please contact secure@xxxxxxxxxxxxxx
> 
> 
> Recommendation:
>       Follow your organization's testing procedures before
>       applying patches or workarounds.  Customers should apply
>       Microsoft's update as soon as possible.
> 
> 
> Common Vulnerabilities and Exposures (CVE) Information:
> 
> The Common Vulnerabilities and Exposures (CVE) project has assigned
> the following names to these issues.  These are candidates for
> inclusion in the CVE list (http://cve.mitre.org), which standardizes
> names for security problems.
> 
>       CVE-2006-1540
> 
> 
> - -------Symantec Vulnerability Research Advisory Information-------
> 
> For questions about this advisory, or to report an error:
> research@xxxxxxxxxxxx
> 
> For details on Symantec's Vulnerability Reporting Policy:
> http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf
> 
> Symantec Vulnerability Research Advisory Archive:
> http://www.symantec.com/research/
> 
> Symantec Vulnerability Research GPG Key:
> http://www.symantec.com/research/Symantec_Consulting_Services_
> Advisories_GPG.asc
> 
> - -------------Symantec Product Advisory Information-------------
> 
> To Report a Security Vulnerability in a Symantec Product:
> secure@xxxxxxxxxxxx
> 
> For general information on Symantec's Product Vulnerability
> reporting and response:
> http://www.symantec.com/security/
> 
> Symantec Product Advisory Archive:
> http://www.symantec.com/avcenter/security/SymantecAdvisories.html
> 
> Symantec Product Advisory PGP Key:
> http://www.symantec.com/security/Symantec-Vulnerability-Manage
> ment-Key.asc
> 
> - ---------------------------------------------------------------
> 
> Copyright (c) 2006 by Symantec Corp.
> Permission to redistribute this alert electronically is granted
> as long as it is not edited in any way unless authorized by
> Symantec Consulting Services. Reprinting the whole or part of
> this alert in any medium other than electronically requires
> permission from cs_advisories@xxxxxxxxxxxxx
> 
> Disclaimer
> The information in the advisory is believed to be accurate at the
> time of publishing based on currently available information. Use
> of the information constitutes acceptance for use in an AS IS
> condition. There are no warranties with regard to this information.
> Neither the author nor the publisher accepts any liability for any
> direct, indirect, or consequential loss or damage arising from use
> of, or reliance on, this information.
> 
> Symantec, Symantec products, and Symantec Consulting Services are
> registered trademarks of Symantec Corp. and/or affiliated companies
> in the United States and other countries. All other registered and
> unregistered trademarks represented in this document are the sole
> property of their respective companies/owners.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (Cygwin)
> 
> iD8DBQFEspITuk7IIFI45IARAiJyAJ4gvZGmSFL5B+ZOpCYrq3pXQrH6WgCgjDJu
> c6RMB/od64/cLbHSwy3EC/w=
> =MYz8
> -----END PGP SIGNATURE-----
> 




 




Copyright © Lexa Software, 1996-2009.