Microsoft Office Crafted Routing Slip Arbitrary Code Execution

2006-03-14T14:32:39
ID OSVDB:23903
Type osvdb
Reporter Ollie Whitehouse(ollie_whitehouse@symantec.com)
Modified 2006-03-14T14:32:39

Description

Vulnerability Description

A remote overflow exists in Microsoft Office 2000, Office XP (2002), and Office 2003. The Microsoft Word, Excel, PowerPoint, and Outlook applications fail to parse the routing slip metadata resulting in a buffer overflow. With a specially crafted document, an attacker can cause arbitrary code execution when a user closes a malicious document resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Microsoft Office 2000, Office XP (2002), and Office 2003. The Microsoft Word, Excel, PowerPoint, and Outlook applications fail to parse the routing slip metadata resulting in a buffer overflow. With a specially crafted document, an attacker can cause arbitrary code execution when a user closes a malicious document resulting in a loss of integrity.

References:

Security Tracker: 1015766 Secunia Advisory ID:19138 Secunia Advisory ID:21978 Related OSVDB ID: 23902 Related OSVDB ID: 23899 Related OSVDB ID: 23900 Related OSVDB ID: 23898 Related OSVDB ID: 23901 Other Advisory URL: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-091810-5028-99 Other Advisory URL: http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt Microsoft Security Bulletin: MS06-012 Microsoft Knowledge Base Article: 905413 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0817.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0332.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0336.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0585.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0338.html Mail List Post: http://attrition.org/pipermail/vim/2006-September/001039.html Keyword: SYMSA-2006-001 ISS X-Force ID: 25009 FrSIRT Advisory: ADV-2006-3678 CVE-2006-0009 CVE-2006-4274 CVE-2006-4854 Bugtraq ID: 17000 Bugtraq ID: 20059