Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA21013] Microsoft Office Filters Memory Corruption Vulnerabilities

To: <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA21013] Microsoft Office Filters Memory Corruption Vulnerabilities
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Wed, 12 Jul 2006 11:17:14 +0400
Content-class: urn:content-classes:message
Content-length: 3054
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AcalFfJinJH2zwChSfO7LRohw7JWEAAbTIMg
Thread-topic: [SA21013] Microsoft Office Filters Memory Corruption Vulnerabilities

> ----------------------------------------------------------------------
> 
> TITLE:
> Microsoft Office Filters Memory Corruption Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA21013
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21013/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office XP
> http://secunia.com/product/23/
> Microsoft OneNote 2003
> http://secunia.com/product/7140/
> Microsoft Project 2000
> http://secunia.com/product/158/
> Microsoft Project 2002
> http://secunia.com/product/157/
> Microsoft Project 2003
> http://secunia.com/product/3170/
> Microsoft Works Suite 2004
> http://secunia.com/product/3897/
> Microsoft Works Suite 2005
> http://secunia.com/product/8711/
> Microsoft Works Suite 2006
> http://secunia.com/product/8712/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in Microsoft Office, which can
> be exploited by malicious people to compromise a user's system.
> 
> 1) An error within the processing of GIF files can be exploited to
> corrupt memory via a specially crafted GIF file.
> 
> 2) An error within the processing of PNG files can be exploited to
> corrupt memory via a specially crafted PNG file.
> 
> Successful exploitation of the vulnerabilities allows execution of
> arbitrary code when a malicious file is opened.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Office 2003 SP1 or SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=66C15
> CD1-A33B-4EB4-9D90-87DECF053768
> 
> Microsoft Office XP SP3:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1506F
> E89-1753-40AC-BB3E-A053B3EB6260
> 
> Microsoft Office 2000 SP3:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=9B0A1
> 795-DA76-4935-AA90-E6AEDC0CDE6B
> 
> Microsoft Project 2002:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2194E
> C63-582E-4E64-B71F-99918BF14FFA
> 
> Microsoft Project 2000:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=42493
> E0C-91DE-49B0-B5B7-2214D55DE079
> 
> Microsoft Works Suite 2004:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1506F
> E89-1753-40AC-BB3E-A053B3EB6260
> 
> Microsoft Works Suite 2005:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1506F
> E89-1753-40AC-BB3E-A053B3EB6260
> 
> Microsoft Works Suite 2006:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1506F
> E89-1753-40AC-BB3E-A053B3EB6260
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits NSFocus Security Team.
> 2) The vendor credits Fortinet.
> 
> ORIGINAL ADVISORY:
> MS06-039 (KB915384):
> http://www.microsoft.com/technet/security/Bulletin/MS06-039.mspx
>

Prev by Date: [security-alerts] FW: [VulnWatch] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)
Next by Date: [security-alerts] Microsoft Excel Multiple Code Execution Vulnerabilities
Previous by thread: [security-alerts] FW: [VulnWatch] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)
Next by thread: [security-alerts] Microsoft Excel Multiple Code Execution Vulnerabilities
Index(es):
- Date
- Thread