Microsoft Office Drawing Shapes memory corruption vulnerability

2008-04-04T00:00:00
ID SAINT:3ACFCA295A1FCFB88E4E6875C98C8510
Type saint
Reporter SAINT Corporation
Modified 2008-04-04T00:00:00

Description

Added: 04/04/2008
CVE: CVE-2008-0118
BID: 28146
OSVDB: 42709

Background

Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations.

Problem

A memory corruption vulnerability allows command execution when a user opens a specially crafted Microsoft Office file.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 08-016.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx>

Limitations

Exploit works on Microsoft PowerPoint 2002 SP3 with the patch KB934705.

Platforms

Windows