Microsoft Office Object Parsing Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	05/13/2008
Severity:	High
Applications Affected:	Microsoft Office 2000 SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP3 Microsoft Office System 2007 Microsoft Office System 2007 SP1 Microsoft Word Viewer 2003 Microsoft Word Viewer 2003 SP3 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac

Synopsis

Microsoft office is prone to a object parsing vulnerability. This vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (.rtf) files.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx

Threat Analysis

The vulnerability is caused by a memory calculation error when processing a malformed string in a specially crafted .rtf file. The error may corrupt system memory in such a way that an attacker could execute arbitrary code. The vulnerability could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, delete data, or create new accounts with full user rights.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1091

Write-up by: Aditya Chaturvedi

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |