[NT]Vulnerability in Microsoft Office Allows Code Execution (MS08-055)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Vulnerability in Microsoft Office Allows Code Execution (MS08-055)
------------------------------------------------------------------------


SUMMARY

This security update resolves a privately reported vulnerability in
Microsoft Office. The vulnerability could allow remote code execution if a
user clicks a specially crafted OneNote URL. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Users whose accounts
are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.

This security update is rated Critical for supported editions of Microsoft
Office OneNote 2007 and rated Important for supported editions of
Microsoft Office XP, Microsoft Office 2003, and 2007 Microsoft Office
System. For more information, see the subsection, Affected and
Non-Affected Software, in this section.

DETAILS

Affected Software:
* Microsoft Office XP Service Pack 3 (KB953405) - Remote Code Execution -
Important - MS08-016
* Microsoft Office 2003 Service Pack 2 (KB953404) - Remote Code Execution
- Important - MS08-016
* Microsoft Office 2003 Service Pack 3 (KB953404) - Remote Code Execution
- Important - None
* 2007 Microsoft Office System (KB951944) - Remote Code Execution -
Important - MS07-025
* 2007 Microsoft Office System Service Pack 1 (KB951944) - Remote Code
Execution - Important - None
Microsoft Office OneNote 2007 (KB950130) - Microsoft Office OneNote 2007
Service Pack 1 (KB950130) - Remote Code Execution - Critical - None

Non-Affected Software:
* Microsoft Office 2000 Service Pack 3
* Microsoft Office OneNote 2003 Service Pack 2
* Microsoft Office OneNote 2003 Service Pack 3
* Microsoft Office PowerPoint Viewer 2003
* Microsoft Office Word Viewer 2003
* Microsoft Office Word Viewer 2003 Service Pack 3
* Microsoft Office Excel Viewer 2003
* Microsoft Office Excel Viewer 2003 Service Pack 3
* Microsoft Office Excel Viewer
* Microsoft Office PowerPoint 2007 Viewer
* Microsoft Office PowerPoint Viewer 2007 Service Pack 1
* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats
* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats Service Pack 1
* Microsoft Office 2004 for Mac
* Microsoft Office 2008 for Mac
* Microsoft Visual Studio 2008
* Microsoft Visual Studio 2008 Service Pack 1
* Microsoft Expression Web
* Microsoft Expression Web 2

Uniform Resource Locator Validation Error Vulnerability - CVE-2008-3007
A remote code execution vulnerability exists in the way that Microsoft
Office handles specially crafted URLs using the OneNote protocol handler
(onenote://). The vulnerability could allow remote code execution if a
user clicks a specially crafted OneNote URL. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3007>
CVE-2008-3007

Mitigating Factors for Uniform Resource Locator Validation Error
Vulnerability - CVE-2008-3007
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factors may
be helpful in your situation:

* In a Web-based attack scenario, a Web site could contain a specially
crafted link (onenote://) that is used to exploit this vulnerability. An
attacker would have to convince users to visit the Web site and open a
specially crafted OneNote URL, typically by getting them to click a link
in an e-mail message or Instant Messenger message that takes users to the
attacker's Web site, and then convincing them to click the specially
crafted link.

* An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.

* The vulnerability cannot be exploited automatically through previewing
an e-mail. For an attack to be successful a user must click a specially
crafted link that is sent in an e-mail message.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms08-055.mspx>
http://www.microsoft.com/technet/security/bulletin/ms08-055.mspx



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages