OSVDB ID: 45031

Title: Microsoft Office RTF File Handling Object Parsing Arbitrary Code Execution

Info

Disclosure
May 13, 2008

Discovery
Unknown

Dates

Exploit
Unknown

Solution
May 13, 2008

Description

 A memory corruption flaw exists in Office. Word and Outlook fail to validate strings contained in RTF files resulting in memory corruption. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

 Location: Local Access Required, Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch
Exploit: Exploit Unknown
Disclosure: Coordinated Disclosure
OSVDB: Context Dependent

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Office Compatibility Pack for Word, Excel and Powerpoint

 2007
2007 SP1

Office

 2004 for Mac
2008 for Mac

Outlook

 2007
2007 SP1

Word

 2000 SP3
2003 SP2
2002 SP3
2003 SP3
2007
2007 SP1

References

Credit
  • wushi - team509


Direct URL: http://osvdb.org/36218