Microsoft RichEdit OLE Dialog RTF Memory Corruption Remote Code Execution

2007-02-13T17:19:03
ID OSVDB:31886
Type osvdb
Reporter Fabrice Desclaux, Kostya Kortchinsky
Modified 2007-02-13T17:19:03

Description

Vulnerability Description

A local memory corruption flaw exists in several Microsoft products. The RichEdit component fails to validate OLE objects contained in an RTF file, resulting in memory corruption. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor URL: http://www.microsoft.com
Vendor Specific Advisory URL
Security Tracker: 1017640
Security Tracker: 1017641
Secunia Advisory ID: 24152
Microsoft Security Bulletin: MS07-013
Microsoft Knowledge Base Article: 918118
ISS X-Force ID: 30592
FrSIRT Advisory: ADV-2007-0582
CVE-2006-1311
CERT VU: 368132
Bugtraq ID: 21876