[NT] Microsoft Office InfoPath 2003 Form Handling DoS

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Microsoft Office InfoPath 2003 Form Handling DoS
------------------------------------------------------------------------


SUMMARY

" <http://www.microsoft.com/office/infopath/prodinfo/default.mspx>
InfoPath 2003 allow you to gather information flexibly and efficiently in
rich, dynamic forms and more effectively share, reuse, and repurpose
information throughout your team or organization."

Microsoft Office InfoPath 2003 will stop responding when an attacker
repeatedly clicks the Delete command button to delete sections in a
repeating section table on a form.

DETAILS

Vulnerable Systems:
* Microsoft Windows Server 2003, Standard Edition (32-bit x86)
* Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
* Microsoft Windows Server 2003, Web Edition
* Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
* Microsoft Internet Explorer (Programming) 6.0
* Microsoft Internet Explorer 6.0
* Microsoft Windows XP Professional
* Microsoft Windows XP Home Edition

The vulnerability is caused due to a design error when repeatedly clicking
the 'Delete' button to delete sections in a repeating section table on a
form. This causes a Denial of Service (DoS) state (application crash). It
is possible that OS generates the following alert:

"Microsoft InfoPath has encountered a problem and needs to close. We are
sorry for the inconvenience."

It is needed to restart the application to continue using InfoPath 2003.

Mshtml.dll shared library experiences an access violation when
button-focus events are being processed at the same time that the document
that hosts the buttons reloads. Additionally, this is due to fact that
InfoPath 2003 uses Mshtml.dll component to display a form.

Normally this problem occurs when a form that has several command buttons
is used.

Vendor Status:
The vendor has issued a fix with the release of
<http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx>
Microsoft Security Bulletin MS05-054


ADDITIONAL INFORMATION

The information has been provided by <mailto:juha-matti.laurio@xxxxxxxx>
Juha-Matti Laurio.
The vendor advisory can be found at:
<http://support.microsoft.com/kb/908233/>
http://support.microsoft.com/kb/908233/
The hotfix advisory can be found at:
<http://www.securiteam.com/windowsntfocus/6E00B15EUG.html>
http://www.securiteam.com/windowsntfocus/6E00B15EUG.html



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages