23903 : Microsoft Office Crafted Routing Slip Arbitrary Code Execution
Printer | http://osvdb.org/23903 | Email This | Edit Vulnerability

Views This Week

Views All Time

171

Info

Last Modified

4 months ago

Percent Complete

100%

Disclosure

Mar 14, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Microsoft Office 2000, Office XP (2002), and Office 2003. The Microsoft Word, Excel, PowerPoint, and Outlook applications fail to parse the routing slip metadata resulting in a buffer overflow. With a specially crafted document, an attacker can cause arbitrary code execution when a user closes a malicious document resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Discovered in the Wild
OSVDB: Context Dependent

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Microsoft Corporation	FrontPage	2002 SP3
	Office	XP SP3
		2000 SP3
		2003 SP1
		2003 SP2
	Word	2003
		2002 SP3
		2000 SP3
	Works Suite	2000
		2001
		2002
		2004
		2003
		2005
		2006
	Excel	2000 SP3
		2002 SP3
		2003 SP1
		2003 SP2
		2004 for Mac
		v. X for Mac
	Outlook	2003
		2002 SP3
		2000 SP3
	Publisher	2002 SP3
	PowerPoint	2003
		2002 SP3
		2000 SP3
	Excel Viewer	2000
		2002
		2003 SP1
		2003 SP2
	Multilingual User Interface Packs	2002 SP3
	MultiLanguage Packs	2000 SP3

References

FrSIRT Advisory: ADV-2006-3678
Bugtraq ID: 17000 20059
Microsoft Knowledge Base Article: 905413
Microsoft Security Bulletin: MS06-012
Related OSVDB ID: 23898 23899 23900 23901 23902
Other Advisory URL: http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-09181 ......
ISS X-Force ID: 25009
Secunia Advisory ID: 19138 21978
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0817.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0585.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0332.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0336.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0338.html
http://attrition.org/pipermail/vim/2006-September/001039.html
CVE ID: 2006-0009 (see also: NVD) 2006-4274 (see also: NVD) 2006-4854 (see also: NVD)
Security Tracker: 1015766
Keyword: SYMSA-2006-001

Tools & Filters

Nessus	21078

Credit

Ollie Whitehouse - ollie_whitehousesymantec.com - Symantec Corp.

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

FrontPage

Office

Word

Works Suite

Excel

Outlook

Publisher

PowerPoint

Excel Viewer

Multilingual User Interface Packs

MultiLanguage Packs

References

Tools & Filters

Credit

Blogs

Comments