[NT] Vulnerabilities in Microsoft Office Publisher Allows Code Execution (MS08-012)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 15 Feb 2008 09:10:10 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerabilities in Microsoft Office Publisher Allows Code Execution
(MS08-012)
------------------------------------------------------------------------
SUMMARY
This critical security update resolves two privately reported
vulnerabilities in Microsoft Office Publisher that could allow remote code
execution if a user opens a specially crafted Publisher file. An attacker
who successfully exploited these vulnerabilities could take complete
control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with
administrative user rights.
This is a critical security update for supported releases of Microsoft
Office Publisher 2000; supported releases of Microsoft Office Publisher
2002; and supported editions of Microsoft Office Publisher 2003 Service
Pack 2. Microsoft Publisher 2003 Service Pack 3, Microsoft Office
Publisher 2007, and Microsoft Office Publisher 2007 Service Pack 1 are not
impacted by this vulnerability. For more information, see the subsection,
Affected and Non-Affected Software, in this section.
DETAILS
Affected Software
Office Suite and Other Affected Software - Component - Maximum Security
Impact - Aggregate Severity Rating - Bulletins Replaced by This Update
* Microsoft Office 2000 Service Pack 3 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=D8B085FB-858F-4C7E-96DE-EDFF8F49D62A> Microsoft Office Publisher 2000 (KB946255) - Remote Code Execution - Critical - MS06-054
* Microsoft Office XP Service Pack 3 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=1135C63A-6CE7-4051-81BA-BFBBA8D857FB> Microsoft Office Publisher 2002 (KB946216) - Remote Code Execution - Important - MS06-054
* Microsoft Office 2003 Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=7078B952-09F6-4C47-8C05-40667E1F1C3B> Microsoft Office Publisher 2003 Service Pack 2 (KB946254) - Remote Code Execution - Important - MS06-054
Non-Affected Software
Office Suite - Application
* 2007 Microsoft Office System - Microsoft Office Publisher 2007
* 2007 Microsoft Office System Service Pack 1 - Microsoft Office
Publisher 2007 Service Pack 1
* Microsoft Office 2003 Service Pack 3 - Microsoft Office Publisher 2003
Service Pack 3
Publisher Invalid Memory Reference Vulnerability - CVE-2008-0102
A remote code execution vulnerability exists in the way Microsoft Office
Publisher validates application data when loading Publisher files to
memory. An attacker could exploit the vulnerability by constructing a
specially crafted Publisher (.pub) file. When a user views the .pub file,
the vulnerability could allow remote code execution. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0102>
CVE-2008-0102
Publisher Memory Corruption Vulnerability - CVE-2008-0104
A remote code execution vulnerability exists in the way Microsoft Office
Publisher validates memory index values. An attacker could exploit the
vulnerability by constructing a specially crafted Publisher (.pub) file.
When a user views the .pub file, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability could
take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0102>
CVE-2008-0102
ADDITIONAL INFORMATION
The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx>
http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Vulnerability in Microsoft Word Allows Code Execution (MS08-009)
- Next by Date: [UNIX] Apache Web Server htpasswd Predictable Salt Weakness
- Previous by thread: [NT] Vulnerability in Microsoft Word Allows Code Execution (MS08-009)
- Next by thread: [UNIX] Apache Web Server htpasswd Predictable Salt Weakness
- Index(es):
Relevant Pages
|
|
