Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA28906] Microsoft Office Publisher File Parsing Vulnerabilities



>
> TITLE:
> Microsoft Office Publisher File Parsing Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28906
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28906/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office XP
> http://secunia.com/product/23/
> Microsoft Publisher 2000
> http://secunia.com/product/29/
> Microsoft Publisher 2002
> http://secunia.com/product/30/
> Microsoft Publisher 2003
> http://secunia.com/product/10986/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Microsoft Office
> Publisher, which can be exploited by malicious people to compromise a
> user's system.
>
> 1) An error during processing of application data when loading
> Publisher (.pub) files to memory can be exploited via a specially
> crafted Publisher file.
>
> 2) An error in the processing of memory index values when loading
> Publisher files to memory can be exploited via a specially crafted
> Publisher file.
>
> Successful exploitation of the vulnerabilities may allow execution of
> arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Microsoft Office Publisher 2000:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=D8B08
> 5FB-858F-4C7E-96DE-EDFF8F49D62A
>
> Microsoft Office Publisher 2002:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1135C
> 63A-6CE7-4051-81BA-BFBBA8D857FB
>
> Microsoft Office Publisher 2003 SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7078B
> 952-09F6-4C47-8C05-40667E1F1C3B
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits:
> * Piotr Bania
> * Bing Liu, Fortinet Security Research.
>
> 2) The vendor credits Bing Liu, Fortinet Security Research.
>
> ORIGINAL ADVISORY:
> MS08-012 (KB947085):
> http://www.microsoft.com/technet/security/Bulletin/MS08-012.mspx
>



 




Copyright © Lexa Software, 1996-2009.