[NT] Vulnerabilities in Microsoft Visio Allows Code Execution (MS08-019)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 9 Apr 2008 08:56:25 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerabilities in Microsoft Visio Allows Code Execution (MS08-019)
------------------------------------------------------------------------
SUMMARY
This security update resolves privately reported vulnerabilities in
Microsoft Office Visio that could allow remote code execution if a user
opens a specially crafted Visio file. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Users whose accounts
are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Office Visio 2002
Service Pack 2, Microsoft Office Visio 2003 Service Pack 2, Microsoft
Office Visio 2003 Service Pack 3, Microsoft Office Visio 2007, and
Microsoft Office Visio 2007 Service Pack 1. For more information, see the
subsection, Affected and Non-Affected Software, in this section.
DETAILS
Affected Software:
Office Suite and Other Software - Component - Maximum Security Impact -
Aggregate Severity Rating - Bulletins Replaced by this Update
* Microsoft Office XP Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0056a936-def5-40fa-bcfc-0ab0dd5c3964> Microsoft Visio 2002 Service Pack 2 (KB947896) - Remote Code Execution - Important - MS07-030
* Microsoft Office 2003 Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=18af0ce6-99a0-4471-8d26-9700a8a8e631> Microsoft Visio 2003 Service Pack 2 (KB947650) - Remote Code Execution - Important - MS07-030
* Microsoft Office 2003 Service Pack 3 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=18af0ce6-99a0-4471-8d26-9700a8a8e631> Microsoft Visio 2003 Service Pack 3 (KB947650) - Remote Code Execution - Important - MS07-030
* 2007 Microsoft Office System -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0510a1bb-b464-452c-900f-7f4e58ed9c7e> Microsoft Visio 2007 (KB947590) - Remote Code Execution - Important - None
* 2007 Microsoft Office System Service Pack 1 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0510a1bb-b464-452c-900f-7f4e58ed9c7e> Microsoft Visio 2007 Service Pack 1 (KB947590) - Remote Code - Execution - Important - None
Non-Affected Software:
* Microsoft Visio 2002 Viewer
* Microsoft Visio 2003 Viewer
* Microsoft Visio 2007 Viewer
* Microsoft Visio 2007 Viewer Service Pack 1
Visio Object Header Vulnerability - CVE-2008-1089
A remote code execution vulnerability exists in the way Microsoft Visio
validates object header data in specially crafted files. An attacker could
exploit the vulnerability by sending a malformed file which could be
included as an e-mail attachment, or hosted on a specially crafted or
compromised Web site.
If a user were logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could be
less affected than users who operate with administrative user rights.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1089>
CVE-2008-1089
Workarounds for Visio Object Header Vulnerability - CVE-2008-1089
Workaround refers to a setting or configuration change that does not
correct the underlying vulnerability but would help block known attack
vectors before you apply the update. Microsoft has tested the following
workarounds and states in the discussion whether a workaround reduces
functionality:
* Use Microsoft Visio 2003 Viewer or Microsoft Visio 2007 Viewer to open
and view Visio files. Microsoft Visio 2003 Viewer and Microsoft Visio 2007
Viewer are not affected by the issue.
* Do not open or save Visio files that you receive from untrusted sources
or that you receive unexpectedly from trusted sources. This vulnerability
could be exploited when a user opens a specially crafted file.
Visio Memory Validation Vulnerability - CVE-2008-1090
A remote code execution vulnerability exists in the way Microsoft Visio
validates memory allocations when loading specially-crafted .DXF files
from disk into memory. An attacker could exploit the vulnerability by
sending a malformed file which could be included as an e-mail attachment,
or hosted on a specially crafted or compromised Web site.
If a user were logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could be
less affected than users who operate with administrative user rights.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1090>
CVE-2008-1090
Workarounds for Visio Memory Validation Vulnerability - CVE-2008-1090
Workaround refers to a setting or configuration change that does not
correct the underlying vulnerability but would help block known attack
vectors before you apply the update. Microsoft has tested the following
workarounds and states in the discussion whether a workaround reduces
functionality:
* Disable Visio from opening .DXF file by restricting access to
DWGDP.DLL.
To restrict access to DWGDP.DLL, type the following at the command prompt:
Note For Vista, an account with administrator privileges is required to
implement this workaround.
For Windows XP
Echo y|cacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /D
everyone
For Windows Vista
Takeown.exe /f "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll"
Icacls.exe "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /save
%TEMP%\DWGDP_ACL.TXT
Icacls.exe "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /deny
everyone:(F)
Impact of Workaround: The impact of implementing this workaround is that
Visio will no longer open AutoCAD drawing files (.DXF). If you have no
need to open AutoCAD drawing files, this workaround should have no impact
to your system s functionality.
How to Undo the Workaround: To rollback this workaround, type the
following at the command prompt:
For Windows XP
cacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /G everyone
For Windows Vista
Icacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /grant
everyone:(F)
Icacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /restore
%TEMP%\DWGDP_ACL.TXT
* Use Microsoft Visio 2003 Viewer or Microsoft Visio 2007 Viewer to open
and view Visio files. Microsoft Visio 2003 Viewer and Microsoft Visio 2007
Viewer are not affected by the issue.
* Do not open or save Microsoft Office files that you receive from
untrusted sources or that you receive unexpectedly from trusted sources.
This vulnerability could be exploited when a user opens a specially
crafted file.
ADDITIONAL INFORMATION
The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx>
http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Vulnerability in Microsoft Project Allows Code Execution (MS08-018)
- Next by Date: [NT] Vulnerability in DNS Client Allows Spoofing (MS08-020)
- Previous by thread: [NT] Vulnerability in Microsoft Project Allows Code Execution (MS08-018)
- Next by thread: [NT] Vulnerability in DNS Client Allows Spoofing (MS08-020)
- Index(es):
Relevant Pages
|
