lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 11 Oct 2006 12:02:09 +0800
From: Sowhat <smaillist@...il.com>
To: bugtraq@...urityfocus.com
Subject: Microsoft Office Malformed Record Memory Corruption Vulnerability

Microsoft Office Malformed Record Memory Corruption Vulnerability


By Sowhat of Nevis Labs
2006.10.10

http://www.nevisnetworks.com
http://secway.org/advisory/AD20061010.txt



Vendor
Microsoft Inc.

Affected:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft PowerPoint 2000 SP3
Microsoft PowerPoint XP SP3
Microsoft PowerPoint 2003 SP1, SP2


Remote: YES
Exploitable: maybe ;)

CVE: CVE-2006-3864



Overview:

This vulnerability allows remote attackers to execute arbitrary code in
the context of the logged in user. An array boundary condition may be
violated by a malicious Microsoft Office (DOC/PPT/XLS) file in order to redirect
execution into attacker-supplied data. Exploitation requires that the
attacker coerce or
persuade the victim to open a malicious Microsoft Office file.


(Not)Details:

The specific flaw lies with in the Office binary mso.dll.
There will be a memory corruption during the analysis of a malformed
Microsoft Office File.

Microsoft said "We have confirmed that the issue you reported to us is
potentially
exploitable"

Because there are too many boring MS OFFICE vulnerabilities released this year,
I am boring to write an technical advisory and I believe that nobody
is interested in that.
So I just post this advisory for record purpose only ;) Sorry.


POC:

No POC will be supplied


Fix:

Microsoft has released an update for Microsoft Office which is
set to address this issue. This can be downloaded from:

http://www.microsoft.com/technet/security/bulletin/MS06-062.mspx


Vendor Response:

2006.07.14 Vendor notified via secure@...rosoft.com
2006.07.15 Vendor responded
2006.10.10 Vendor released MS06-062 patch
2006.10.10 Advisory released


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.


        CVE-2006-3864




Greetings to Becky, TY


Reference:

1. http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
2. http://secway.org/vuln.htm
3. http://secway.org/advisory/AD20061010.txt


-- 
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ