Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28909] Microsoft Office Object Parsing Memory Corruption Vulnerability
>
> TITLE:
> Microsoft Office Object Parsing Memory Corruption Vulnerability
>
> SECUNIA ADVISORY ID:
> SA28909
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28909/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft Office XP
> http://secunia.com/product/23/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2004 for Mac
> http://secunia.com/product/8713/
>
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Office, which can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to a memory handling error when
> processing objects embedded in documents and can be exploited to
> corrupt memory via a document containing a specially crafted object.
>
> Successful exploitation may allow execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Microsoft Office 2000 SP3:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5FB74
> E24-D9EE-4951-9C46-E1C84617F097
>
> Microsoft Office XP SP3:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=3E147
> B1A-F3BE-465F-8587-7F3A33D6A6E5
>
> Microsoft Office 2003 SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=F4AC0
> F34-4604-4BBE-9669-01DB645041CA
>
> Microsoft Office 2004 for Mac:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=36B00
> C58-192D-488C-A069-730C69F0B6B0
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Shaun Colley, NGSSoftware.
>
> ORIGINAL ADVISORY:
> MS08-013 (KB947108):
> http://www.microsoft.com/technet/security/Bulletin/MS08-013.mspx
>
|