Microsoft Office MSO.DLL String Processing Overflow

2006-07-11T15:34:10
ID OSVDB:27150
Type osvdb
Reporter Elia Florio(elia_florio@symantec.com)
Modified 2006-07-11T15:34:10

Description

Vulnerability Description

A local overflow exists in Office, Project, Visio and Office for Mac. MSO.DLL fails to validate Office documents resulting in a buffer overflow. With a specially crafted file containing a malformed string, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A local overflow exists in Office, Project, Visio and Office for Mac. MSO.DLL fails to validate Office documents resulting in a buffer overflow. With a specially crafted file containing a malformed string, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Secunia Advisory ID:21012 Related OSVDB ID: 27149 Related OSVDB ID: 27148 Microsoft Security Bulletin: MS06-038 Microsoft Knowledge Base Article: 917284 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0135.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0141.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0120.html Keyword: SYMSA-2006-007 ISS X-Force ID: 27607 ISS X-Force ID: 27609 Generic Exploit URL: http://www.milw0rm.com/exploits/1615 CVE-2006-1540 CERT VU: 609868 Bugtraq ID: 17252 Bugtraq ID: 18889