Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA28904] Microsoft Works File Converter File Parsing Vulnerabilities



> ----------------------------------------------------------------------
>
> TITLE:
> Microsoft Works File Converter File Parsing Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28904
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28904/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Works 8.x
> http://secunia.com/product/7215/
> Microsoft Works Suite 2005
> http://secunia.com/product/8711/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Microsoft Office and
> Microsoft Works, which can be exploited by malicious people to
> compromise a user's system.
>
> 1) An error in the Works File Converter when processing section
> length headers can be exploited via a specially crafted Works (.wps)
> file.
>
> 2) An error in the Works File Converter when processing section
> header index table information can be exploited via a specially
> crafted Works (.wps) file.
>
> 3) An error in the Works File Converter when processing field length
> information can be exploited via a specially crafted Works (.wps)
> file.
>
> Successful exploitation of the vulnerabilities may allow execution of
> arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Microsoft Office 2003 SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C
> 3FE-FB85-43D9-BBC3-0B30D3A20286
>
> Microsoft Office 2003 SP3:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C
> 3FE-FB85-43D9-BBC3-0B30D3A20286
>
> Microsoft Works 8.0:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C
> 3FE-FB85-43D9-BBC3-0B30D3A20286
>
> Microsoft Works Suite 2005:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C
> 3FE-FB85-43D9-BBC3-0B30D3A20286
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Damian Put via VeriSign iDefense VCP.
> 2) The vendor credits IBM ISS X-Force.
> 3) The vendor credits VeriSign iDefense VCP.
>
> ORIGINAL ADVISORY:
> MS08-011 (KB947081):
> http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx
>
>



 




Copyright © Lexa Software, 1996-2009.