[NT] Vulnerabilities in Microsoft Office Publisher Allows Code Execution (MS08-012)



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Vulnerabilities in Microsoft Office Publisher Allows Code Execution
(MS08-012)
------------------------------------------------------------------------


SUMMARY

This critical security update resolves two privately reported
vulnerabilities in Microsoft Office Publisher that could allow remote code
execution if a user opens a specially crafted Publisher file. An attacker
who successfully exploited these vulnerabilities could take complete
control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with
administrative user rights.

This is a critical security update for supported releases of Microsoft
Office Publisher 2000; supported releases of Microsoft Office Publisher
2002; and supported editions of Microsoft Office Publisher 2003 Service
Pack 2. Microsoft Publisher 2003 Service Pack 3, Microsoft Office
Publisher 2007, and Microsoft Office Publisher 2007 Service Pack 1 are not
impacted by this vulnerability. For more information, see the subsection,
Affected and Non-Affected Software, in this section.

DETAILS

Affected Software
Office Suite and Other Affected Software - Component - Maximum Security
Impact - Aggregate Severity Rating - Bulletins Replaced by This Update
* Microsoft Office 2000 Service Pack 3 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=D8B085FB-858F-4C7E-96DE-EDFF8F49D62A> Microsoft Office Publisher 2000 (KB946255) - Remote Code Execution - Critical - MS06-054
* Microsoft Office XP Service Pack 3 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=1135C63A-6CE7-4051-81BA-BFBBA8D857FB> Microsoft Office Publisher 2002 (KB946216) - Remote Code Execution - Important - MS06-054
* Microsoft Office 2003 Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=7078B952-09F6-4C47-8C05-40667E1F1C3B> Microsoft Office Publisher 2003 Service Pack 2 (KB946254) - Remote Code Execution - Important - MS06-054

Non-Affected Software
Office Suite - Application
* 2007 Microsoft Office System - Microsoft Office Publisher 2007
* 2007 Microsoft Office System Service Pack 1 - Microsoft Office
Publisher 2007 Service Pack 1
* Microsoft Office 2003 Service Pack 3 - Microsoft Office Publisher 2003
Service Pack 3

Publisher Invalid Memory Reference Vulnerability - CVE-2008-0102
A remote code execution vulnerability exists in the way Microsoft Office
Publisher validates application data when loading Publisher files to
memory. An attacker could exploit the vulnerability by constructing a
specially crafted Publisher (.pub) file. When a user views the .pub file,
the vulnerability could allow remote code execution. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0102>
CVE-2008-0102

Publisher Memory Corruption Vulnerability - CVE-2008-0104
A remote code execution vulnerability exists in the way Microsoft Office
Publisher validates memory index values. An attacker could exploit the
vulnerability by constructing a specially crafted Publisher (.pub) file.
When a user views the .pub file, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability could
take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0102>
CVE-2008-0102


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx>
http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages