Microsoft Word Document Parsing Buffer Overflow Vulnerability

08/10/2004 - 19:46 by Memmito
Secunia Advisory: SA12758
Release Date: 2004-10-07

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched

Software:
- Microsoft Office 2000
- Microsoft Office XP
- Microsoft Word 2000
- Microsoft Word 2002


Description:
HexView has discovered a vulnerability in Microsoft Word, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

The vulnerability is caused due to an input validation error within
the parsing of document files and may lead to a stack-based buffer
overflow.

This can be exploited to crash the process when the user opens a
specially crafted document. However, due to the nature of the problem,
execution of arbitrary code may potentially also be possible, though
it has not been proven.

The vulnerability has been confirmed in Microsoft Word 2000, but has
also been reported in Microsoft Word 2002.

Solution:
Open trusted documents only.

For Internet Explorer users, documents on web sites can be opened
automatically in the browser, unless the security level for the
"Internet" security zone is set to "High" or the "File download"
setting has been disabled.

Provided and/or discovered by:
HexView


Please note: The information, which this Secunia Advisory is based
upon, comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports
issued by security research groups, vendors, and others.




Found: 15 Related Secunia Security Advisories, displaying 10

- Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability
- Microsoft Multiple Products JPEG Processing Buffer Overflow Vulnerability
- Microsoft Products Fail to Restrict "shell:" Access
- Microsoft Outlook / Word Object Tag Vulnerability
- Microsoft Internet Explorer and Outlook URL Obfuscation Issue
- Microsoft Outlook 2002 mailto URI Cross Site Scripting Vulnerability
- Microsoft Word Form Protection Bypass Vulnerability
- Microsoft Word and Excel Execution of Arbitrary Code
- Microsoft Word Macro Name Buffer Overflow Vulnerability
- Microsoft PowerPoint Modify Protection Bypass

http://secunia.com/advisories/12758/


#1 Nennito
09/10/2004 - 13:15
"Memmito" wrote in message
news:h7s08lq3120u$
Secunia Advisory: SA12758
Release Date: 2004-10-07

Critical: Highly critical
Impact: DoS, System access












