Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:2463
HistoryFeb 07, 2002 - 12:00 a.m.

Security Bulletin MS02-002

2002-02-0700:00:00
vulners.com
19
JSON

Title: Malformed Network Request can cause Office v. X for Mac
to Fail
Date: 06 February 2002
Software: Microsoft Office v. X for Mac
Impact: Denial of Service
Max Risk: Low
Bulletin: MS02-002

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-002.asp.

Issue:

Office v. X contains a network-aware anti-piracy mechanism that
detects multiple copies of Office using the same product identifier
(PID) running on the local network. This feature, called the Network
Product Identification (PID) Checker, announces Office's own unique
product ID and listens for other announcements at regular intervals.
If a duplicate PID is detected, Office shuts down.

A security vulnerability results because of a flaw in the Network
PID Checker. Specifically, the Network PID Checker doesn't correctly
handle a particular type of malformed announcement - receiving one
causes the Network PID Checker to fail. When the Network PID fails
like this, the Office v. X application will fail as well. If more
than one Office v. X application was running when the packet was
received, the first application launched during the session would
fail. An attacker could use this vulnerability to cause other users'
Office applications to fail, with the loss of any unsaved data.
An attacker could craft and send this packet to a victim's machine
directly, by using the machine's IP address. Or, he could send
this same directive to a broadcast and multicast domain and attack
all affected machines

Mitigating Factors:

  • Corporate networks could be protected against Internet-based
    attacks by following standard firewalling practices
    (specifically, blocking ports 2222, those greater than 3000
    traffic).
  • Best practices recommends blocking both multicast and broadcast
    packets at the perimeter firewall.
  • At best, an attacker could cause the running Office application
    that was loaded first to fail. There is no opportunity for an
    attacker to create, delete, or modify Office data.
  • Even a successful attack wouldn't have any effect on the overall
    system, other applications or any Office application beyond the
    first one loaded.

Risk Rating:

  • Internet systems: None
  • Intranet systems: None
  • Client systems: Low

Patch Availability:

Acknowledgment:

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

JSON