OSVDB ID: 29428

Title: Microsoft Office Malformed Chart Record Unspecified Arbitrary Code Execution

Info

Disclosure
Oct 10, 2006

Discovery
Jun 14, 2006

Dates

Exploit
Unknown

Solution
Unknown

Description

 Microsoft Office contains a flaw that may allow a malicious user to execute arbitrary code on the target machine. An attacker could exploit this vulnerability when Office parses a malformed chart record.

Classification

 Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

 Microsoft Corporation has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Do not open or save Microsoft Office files that are untrusted or that you receive from trusted sources unexpectedly.

Products

Microsoft Corporation

Access

 2000
2002
2003

Excel

 2000
2002
2003

Excel Viewer

 2003

FrontPage

 2000
2002
2003

InfoPath

 2003

Office

 2000
2003 Professional Edition
2003 Small Business Edition
2003 Standard Edition
2003 Student and Teacher Edition
2004 for Mac
X for Mac
XP

OneNote

 2003

Outlook

 2000
2002
2003

PowerPoint

 2000
2002
2003

Project

 2000
2002
2003

Publisher

 2000
2002
2003

Visio

 2002
2003

Word

 2000
2002
2003

Word Viewer

 2003

References

Credit
  • Arnaud Dovi - TippingPoint


Direct URL: http://osvdb.org/36218