Microsoft Office Art Property Table Memory Corruption

2009-10-22T00:00:00
ID SAINT:639974D6F9A1DBBA10DD7CEEE6FE3E23
Type saint
Reporter SAINT Corporation
Modified 2009-10-22T00:00:00

Description

Added: 10/22/2009
CVE: CVE-2009-2528
BID: 36650
OSVDB: 58869

Background

Microsoft Office is a package that provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. MS Office XP (2002) and MS Office 2000 use the Microsoft Windows GDI+ Application Programming Interface (API) to produce graphics and formatted text on both the video display and the printer instead of accessing graphics hardware directly.

Problem

A memory corruption vulnerability in the way MS Office handles malformed objects in Office Art Property Tables allows remote attackers to execute arbitrary code when a user opens a specially crafted Office document.

Resolution

Apply the patches referenced in Microsoft Security Bulletin 09-062.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx>

Limitations

Exploit works on MS Office Word 2002 SP3.

User must open the exploit file in MS Office Word.

The CPAN modules IO::Uncompress and Compress::Zlib are required by this exploit in order to compress the data transfered from the exploit web server.

Platforms

Windows