|
|
|
|
| |
Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx
|
| |
Affected Software:
Microsoft Office Suites and Components
* Microsoft Office 2000 Service Pack 3 - Microsoft Word 2000 Service Pack 3 (KB950250) - Remote Code Execution - Critical - MS08-009
* Microsoft Office XP Service Pack 3 - Microsoft Word 2002 Service Pack 3 (KB950243) - Remote Code Execution - Important - MS08-009
* Microsoft Office 2003 Service Pack 2 - Microsoft Word 2003 Service Pack 2 (KB950241) - Remote Code Execution - Important - MS08-009
* Microsoft Office 2003 Service Pack 3 - Microsoft Word 2003 Service Pack 3 (KB950241) - Remote Code Execution - Important - MS08-009
* 2007 Microsoft Office System - Microsoft Word 2007 (KB950113) - Remote Code Execution - Important - None
* Microsoft Office 2003 Service Pack 3 - Microsoft Outlook 2007 (KB950113) - Remote Code Execution - Critical - None
* 2007 Microsoft Office System Service Pack 1 - Microsoft Word 2007 Service Pack 1 (KB950113) - Remote Code Execution - Important - None
* 2007 Microsoft Office System Service Pack 1 - Microsoft Outlook 2007 Service Pack 1 (KB950113) - Remote Code Execution - Critical - None
Other Office Software
* Microsoft Word Viewer 2003 (KB950625) - Not applicable - Remote Code Execution - Important - MS08-009
* Microsoft Word Viewer 2003 Service Pack 3 (KB950625) - Not applicable - Remote Code Execution - Important - MS07-024
* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (KB951808) - Not applicable - Remote Code Execution - Important - None
* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 (KB951808) - Not applicable - Remote Code Execution - Important - None
Microsoft Office for Mac
* Microsoft Office 2004 for Mac (KB952332) - Not applicable - Remote Code Execution - Important - MS08-014
* Microsoft Office 2008 for Mac (KB952331) - Not applicable - Remote Code Execution - Important - MS08-014
Non-Affected Software:
* Microsoft Works 8.0
* Microsoft Works 8.5
* Microsoft Works 9.0
* Microsoft Works Suite 2005
* Microsoft Works Suite 2006
Object Parsing Vulnerability - CVE-2008-1091
A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (.rtf) files. The vulnerability could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE Information:
CVE-2008-1091
Word Cascading Style Sheet (CSS) Vulnerability - CVE-2008-1434
A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed CSS value. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE Information:
CVE-2008-1434
Mitigating Factors:
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:
* In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a document. The features of the Office Document Open Confirmation Tool are incorporated in Office XP and later editions of Office.
Workarounds:
Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality.
* Use Microsoft Office File Block policy to prevent the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.
The following registry scripts can be used to set the File Block policy.
Note Modifying the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from incorrect modification of the Registry can be solved. Modify the Registry at your own risk.
For Office 2003
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock]
"HTMLFiles"=dword:00000001
Note In order to use 'FileOpenBlock' with Office 2003, all of the latest Office 2003 security updates as of May 2007 must be applied.
Impact of Workaround: Users who have configured the File Block policy and have not configured a special exempt directory as discussed in Microsoft Knowledge Base Article 922848 will be unable to open HTML documents in Word or Outlook.
How to undo the workaround:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock]
"HTMLFiles"=dword:00000000
For Office 2007
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]
"HTMLFiles"=dword:00000001
Note In order to use 'FileOpenBlock' with Office 2007, all of the latest Office 2007 security updates as of May 2007 must be applied.
Impact of Workaround: Users who have configured the File Block policy and have not configured a special exempt directory as discussed in Microsoft Knowledge Base Article 922848 will be unable to open HTML documents in Word 2003 or 2007 Microsoft Office System.
How to undo the workaround:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]
"HTMLFiles"=dword:00000000
* Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.
|
|
|
|
|
