Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13482
HistoryJul 11, 2006 - 12:00 a.m.

SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability

2006-07-1100:00:00
vulners.com
9
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Symantec Vulnerability Research
            http://www.symantec.com/research
                    Security Advisory

Advisory ID : SYMSA-2006-007
Advisory Title: Microsoft Office Malformed String
Parsing
Vulnerability
Author : Elia Florio /
[email protected]
Release Date : 07-11-2006
Application : Microsoft Office 2000, Office XP
(2002),
Office 2003
Platform : Windows
Severity : Remotely exploitable / User access
Vendor status : Duplicated and verified by
Microsoft,
patch available
CVE Number : CVE-2006-1540
Reference :
http://www.securityfocus.com/bid/18889

Overview:

    There exists an overflow condition in

Microsoft Office
when a malformed string included in an
Office file is
parsed by any of the affected Office
applications.

Details:

    The problem resides in the code of

MSO.DLL, a shared
library used by Office applications, so
the vulnerability
can be exploited using different attack
vectors.
For example, the vulnerability can be
exploited using a
malformed Excel 2003 file. By changing
the size of the
Unicode "Sheet Name" string with an
incorrect size, it is
possible to generate an integer overflow
condition. Excel
2003 will crash while opening the
malformed file due to an
access violation error with an invalid
value of
EAX=0xFFFFFFFC.

    MOV EDX,DWORD PTR DS:[EAX-4]
    ADD EAX,-4
    ADD EDX,4

Vendor Response:

    The above vulnerability was addressed for

the affected
platforms via Microsoft Security Bulletin
MS06-38. If
there are any further questions about
this statement,
please contact [email protected].

Recommendation:
Follow your organization's testing
procedures before
applying patches or workarounds.
Customers should apply
Microsoft's update as soon as possible.

Common Vulnerabilities and Exposures (CVE)
Information:

The Common Vulnerabilities and Exposures (CVE)
project has assigned
the following names to these issues. These are
candidates for
inclusion in the CVE list (http://cve.mitre.org),
which standardizes
names for security problems.

    CVE-2006-1540
  • -------Symantec Vulnerability Research Advisory
    Information-------

For questions about this advisory, or to report
an error:
[email protected]

For details on Symantec's Vulnerability Reporting
Policy:
http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive:
http://www.symantec.com/research/

Symantec Vulnerability Research GPG Key:
http://www.symantec.com/research/Symantec_Consulting_Services_Advisories_GPG.asc

  • -------------Symantec Product Advisory
    Information-------------

To Report a Security Vulnerability in a Symantec
Product:
[email protected]

For general information on Symantec's Product
Vulnerability
reporting and response:
http://www.symantec.com/security/

Symantec Product Advisory Archive:
http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key:
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert
electronically is granted
as long as it is not edited in any way unless
authorized by
Symantec Consulting Services. Reprinting the
whole or part of
this alert in any medium other than
electronically requires
permission from [email protected].

Disclaimer
The information in the advisory is believed to be
accurate at the
time of publishing based on currently available
information. Use
of the information constitutes acceptance for use
in an AS IS
condition. There are no warranties with regard to
this information.
Neither the author nor the publisher accepts any
liability for any
direct, indirect, or consequential loss or damage
arising from use
of, or reliance on, this information.

Symantec, Symantec products, and Symantec
Consulting Services are
registered trademarks of Symantec Corp. and/or
affiliated companies
in the United States and other countries. All
other registered and
unregistered trademarks represented in this
document are the sole
property of their respective companies/owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)

iD8DBQFEspITuk7IIFI45IARAiJyAJ4gvZGmSFL5B+ZOpCYrq3pXQrH6WgCgjDJu
c6RMB/od64/cLbHSwy3EC/w=
=MYz8
-----END PGP SIGNATURE-----

Related

checkpoint_advisories 3
securityvulns 2
cert 1
prion 1
cve 3
nessus 2
checkpoint_advisories
checkpoint_advisories
Microsoft Office File Malformed String Parsing Buffer Overflow(MS06-038; CVE-2006-1540)
2011-05-17 00:00:00
Microsoft Office File Malformed String Parsing Buffer Overflow (MS06-038) - ver 2 (CVE-2006-1540)
2011-05-17 00:00:00
Office Files (CVE-2006-1308; CVE-2006-1540; CVE-2006-3431; CVE-2007-0934; CVE-2007-0936)
2006-07-23 00:00:00
securityvulns
securityvulns
SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability
2006-07-11 00:00:00
Microsoft Security Bulletin MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
2006-07-11 00:00:00
cert
cert
Microsoft Office string parsing vulnerability
2006-07-11 00:00:00
prion
prion
Integer overflow
2006-03-30 11:02:00
cve
cve
CVE-2006-1540
2006-03-30 11:02:00
CVE-2006-3449
2006-08-09 00:04:00
CVE-2006-3590
2006-07-14 18:05:00
nessus
nessus
MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
2006-07-11 00:00:00
MS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X)
2006-07-11 00:00:00
JSON
Related for SECURITYVULNS:DOC:13482
checkpoint_advisories3securityvulns2cert1prion1cve3nessus2