Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14637
HistoryOct 11, 2006 - 12:00 a.m.

Microsoft Office Malformed Record Memory Corruption Vulnerability

2006-10-1100:00:00
vulners.com
13
JSON

Microsoft Office Malformed Record Memory Corruption Vulnerability

By Sowhat of Nevis Labs
2006.10.10

http://www.nevisnetworks.com
http://secway.org/advisory/AD20061010.txt

Vendor
Microsoft Inc.

Affected:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft PowerPoint 2000 SP3
Microsoft PowerPoint XP SP3
Microsoft PowerPoint 2003 SP1, SP2

Remote: YES
Exploitable: maybe ;)

CVE: CVE-2006-3864

Overview:

This vulnerability allows remote attackers to execute arbitrary code in
the context of the logged in user. An array boundary condition may be
violated by a malicious Microsoft Office (DOC/PPT/XLS) file in order to redirect
execution into attacker-supplied data. Exploitation requires that the
attacker coerce or
persuade the victim to open a malicious Microsoft Office file.

(Not)Details:

The specific flaw lies with in the Office binary mso.dll.
There will be a memory corruption during the analysis of a malformed
Microsoft Office File.

Microsoft said "We have confirmed that the issue you reported to us is
potentially
exploitable"

Because there are too many boring MS OFFICE vulnerabilities released this year,
I am boring to write an technical advisory and I believe that nobody
is interested in that.
So I just post this advisory for record purpose only ;) Sorry.

POC:

No POC will be supplied

Fix:

Microsoft has released an update for Microsoft Office which is
set to address this issue. This can be downloaded from:

http://www.microsoft.com/technet/security/bulletin/MS06-062.mspx

Vendor Response:

2006.07.14 Vendor notified via [email protected]
2006.07.15 Vendor responded
2006.10.10 Vendor released MS06-062 patch
2006.10.10 Advisory released

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

    CVE-2006-3864

Greetings to Becky, TY

Reference:

  1. http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
  2. http://secway.org/vuln.htm
  3. http://secway.org/advisory/AD20061010.txt


Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"

Related

cert 1
cve 2
securityvulns 1
nessus 2
cert
cert
Microsoft Office fails to properly parse malformed records
2006-10-11 00:00:00
cve
cve
CVE-2006-3864
2006-10-10 22:07:00
CVE-2006-3650
2006-10-10 22:07:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
2006-10-11 00:00:00
nessus
nessus
MS06-062: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
2006-10-10 00:00:00
MS06-058 / MS06-059 / MS06-0060 / MS06-062: Vulnerabilities in Microsoft Office Allow Remote Code Execution (924163 / 924164 / 924554 / 922581) (Mac OS X)
2006-10-11 00:00:00
JSON
Related for SECURITYVULNS:DOC:14637
cert1cve2securityvulns1nessus2