Title: Malformed Network Request can cause Office v. X for Mac
to Fail
Date: 06 February 2002
Software: Microsoft Office v. X for Mac
Impact: Denial of Service
Max Risk: Low
Bulletin: MS02-002
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-002.asp.
Office v. X contains a network-aware anti-piracy mechanism that
detects multiple copies of Office using the same product identifier
(PID) running on the local network. This feature, called the Network
Product Identification (PID) Checker, announces Office's own unique
product ID and listens for other announcements at regular intervals.
If a duplicate PID is detected, Office shuts down.
A security vulnerability results because of a flaw in the Network
PID Checker. Specifically, the Network PID Checker doesn't correctly
handle a particular type of malformed announcement - receiving one
causes the Network PID Checker to fail. When the Network PID fails
like this, the Office v. X application will fail as well. If more
than one Office v. X application was running when the packet was
received, the first application launched during the session would
fail. An attacker could use this vulnerability to cause other users'
Office applications to fail, with the loss of any unsaved data.
An attacker could craft and send this packet to a victim's machine
directly, by using the machine's IP address. Or, he could send
this same directive to a broadcast and multicast domain and attack
all affected machines
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.