Microsoft Office Crafted Drawing Object Arbitrary Code Execution

2007-05-08T19:13:35
ID OSVDB:34396
Type osvdb
Reporter OSVDB
Modified 2007-05-08T19:13:35

Description

Vulnerability Description

A context-dependent memory corruption flaw exists in Office. Several Office components fail to validate Office drawing objects resulting in memory corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A context-dependent memory corruption flaw exists in Office. Several Office components fail to validate Office drawing objects resulting in memory corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1018014 Secunia Advisory ID:25178 News Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216 Microsoft Security Bulletin: MS07-025 Microsoft Knowledge Base Article: 934873 FrSIRT Advisory: ADV-2007-1710 CVE-2007-1747 CERT VU: 853184 Bugtraq ID: 23826