Microsoft Office PNG File Handling Buffer Overflow

2013-06-18T00:00:00
ID SAINT:46FADBB66EAC1BAAA560969AE342A1A2
Type saint
Reporter SAINT Corporation
Modified 2013-06-18T00:00:00

Description

Added: 06/18/2013
CVE: CVE-2013-1331
BID: 60408
OSVDB: 94127

Background

Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations.

Problem

An error in Microsoft Office 2003 SP3 for Windows when processing **PNG** files can be exploited to cause a buffer overflow via a specially crafted file. A remote attacker who persuades the user to open the crafted **DOC** file could execute arbitrary code in the context of the user running Microsoft Office.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 13-051.

References

<http://technet.microsoft.com/en-us/security/bulletin/ms13-051>
<http://secunia.com/advisories/53747/>

Limitations

This exploit has been tested against Microsoft Office 2003 SP3 on Windows XP SP3 English (DEP OptIn).

The user must save both the **DOC** and **PNG** files in the same folder, open the **DOC** file in the vulnerable Microsoft Office application, and press Alt+F9 to trigger the vulnerability.

Platforms

Windows XP