Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=736
Vulnerable Systems:
* "BMPIMP32.FLT" module installed with Microsoft Office XP SP3, including all patches as of May 24, 2006
The vulnerability specifically exists in the handling of Windows Bitmap (BMP) image files with malformed headers. By specifying a very large number of colors in the header, it is possible to cause controllable heap corruption, which can be leveraged to execute arbitrary code.
Analysis:
Exploitation could allow attackers to execute arbitrary code on the targeted host under the security context of the currently logged-in user. Successful exploitation would require the attacker to entice his or her victim into opening a specially crafted BMP image with a vulnerable version of Office.
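The kind of header check an importer needs before it sizes a palette buffer, written here as an added illustration that is not taken from the advisory and is not Microsoft's filter code: a C routine that validates biClrUsed (the colour-count field of BITMAPINFOHEADER) against the bit depth and the declared pixel-data offset, placed next to the unchecked 32-bit multiplication that an oversized count defeats. The field layout follows the public BMP format; the status codes, function names and the 1x1 sample headers are constructed for this example, and the advisory itself does not say which of these checks the filter lacked.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Layout constants from the public BMP format: a 14-byte BITMAPFILEHEADER,
 * then a 40-byte BITMAPINFOHEADER, then an optional palette of 4-byte RGBQUADs. */
#define BMP_FILE_HEADER_LEN   14u
#define BMP_INFO_HEADER_LEN   40u
#define BMP_PALETTE_ENTRY_LEN 4u

enum bmp_status {
    BMP_OK = 0,
    BMP_ERR_TRUNCATED,             /* buffer shorter than the two headers        */
    BMP_ERR_BAD_MAGIC,             /* does not start with "BM"                   */
    BMP_ERR_BAD_INFO_SIZE,         /* biSize smaller than BITMAPINFOHEADER       */
    BMP_ERR_BAD_BITCOUNT,          /* biBitCount is not 1/4/8/16/24/32           */
    BMP_ERR_CLRUSED_TOO_LARGE,     /* biClrUsed exceeds what biBitCount allows   */
    BMP_ERR_PALETTE_OUT_OF_BOUNDS  /* palette would overlap pixel data or the EOF */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The arithmetic a naive importer performs: trust biClrUsed and multiply in
 * 32 bits. For a huge count the product wraps, so a buffer sized from it is
 * far smaller than the number of entries a later copy loop writes into it. */
uint32_t unchecked_palette_bytes(uint32_t clr_used) {
    return clr_used * BMP_PALETTE_ENTRY_LEN;
}

/* Validate the headers and compute the palette size in bytes without wrap.
 * On BMP_OK, *palette_bytes receives the number of palette bytes to read. */
enum bmp_status bmp_check_palette(const uint8_t *buf, size_t len, uint32_t *palette_bytes) {
    if (len < BMP_FILE_HEADER_LEN + BMP_INFO_HEADER_LEN) return BMP_ERR_TRUNCATED;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_ERR_BAD_MAGIC;

    uint32_t off_bits = rd32(buf + 10);                /* bfOffBits: start of pixel data */
    const uint8_t *info = buf + BMP_FILE_HEADER_LEN;
    uint32_t info_size = rd32(info + 0);               /* biSize     */
    uint16_t bit_count = rd16(info + 14);              /* biBitCount */
    uint32_t clr_used  = rd32(info + 32);              /* biClrUsed  */

    if (info_size < BMP_INFO_HEADER_LEN) return BMP_ERR_BAD_INFO_SIZE;

    uint32_t max_entries;
    switch (bit_count) {
    case 1: case 4: case 8:    max_entries = 1u << bit_count; break; /* 2, 16 or 256 */
    case 16: case 24: case 32: max_entries = 256; break; /* optional palette, never more than 256 */
    default: return BMP_ERR_BAD_BITCOUNT;
    }
    if (clr_used > max_entries) return BMP_ERR_CLRUSED_TOO_LARGE;

    /* biClrUsed == 0 means "the full palette for this depth" for indexed images. */
    uint32_t entries = (clr_used == 0 && bit_count <= 8) ? max_entries : clr_used;

    /* 64-bit arithmetic cannot wrap even if the limit above were ever loosened. */
    uint64_t bytes = (uint64_t)entries * BMP_PALETTE_ENTRY_LEN;
    uint64_t palette_end = BMP_FILE_HEADER_LEN + (uint64_t)info_size + bytes;
    if (palette_end > off_bits || palette_end > len) return BMP_ERR_PALETTE_OUT_OF_BOUNDS;

    *palette_bytes = (uint32_t)bytes;
    return BMP_OK;
}

/* Constructed sample: a 1x1 8-bpp image header with the given biClrUsed and
 * bfOffBits, built in a static buffer and checked as a file of total_len bytes. */
static uint8_t sample_buf[4096];
uint32_t sample_palette_bytes;

enum bmp_status check_sample(uint32_t clr_used, uint32_t off_bits, size_t total_len) {
    if (total_len > sizeof sample_buf) total_len = sizeof sample_buf;
    memset(sample_buf, 0, sizeof sample_buf);
    sample_buf[0] = 'B'; sample_buf[1] = 'M';
    wr32(sample_buf + 2, (uint32_t)total_len);         /* bfSize    */
    wr32(sample_buf + 10, off_bits);                   /* bfOffBits */
    uint8_t *info = sample_buf + BMP_FILE_HEADER_LEN;
    wr32(info + 0, BMP_INFO_HEADER_LEN);               /* biSize    */
    wr32(info + 4, 1); wr32(info + 8, 1);              /* 1x1 pixels */
    wr16(info + 12, 1);                                /* biPlanes  */
    wr16(info + 14, 8);                                /* biBitCount: indexed, at most 256 colours */
    wr32(info + 32, clr_used);                         /* biClrUsed */
    sample_palette_bytes = 0;
    return bmp_check_palette(sample_buf, total_len, &sample_palette_bytes);
}

int main(void) {
    enum bmp_status s = check_sample(256, 1078, 1082);
    printf("well-formed 256-colour header: status %d, palette %u bytes\n", (int)s, sample_palette_bytes);
    s = check_sample(0x40000000u, 1078, 1082);
    printf("biClrUsed=0x40000000: status %d (unchecked size would be %u bytes)\n",
           (int)s, unchecked_palette_bytes(0x40000000u));
    return 0;
}
```

The two bounds do different jobs: the per-depth maximum rejects a colour count that no legal bitmap can carry, and the offset check rejects a count that would push the palette past the declared pixel data or the end of the file. Either one alone stops the header the advisory describes; a file parser that relies on one should still keep the other, since the wrapped 32-bit product shown by unchecked_palette_bytes is what turns an unchecked count into an undersized heap allocation.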
Workaround:
This workaround replaces the affected filter with an empty file. Creating this file prevents Office from offering to reinstall the affected component.
1. Close all running applications.
2. Open the folder "C:\Program Files\Common Files\Microsoft Shared\Grphflt".
3. Rename the file "BMPIMP32.FLT" to "BMPIMP.FLT.disabled".
4. Create an empty file in this directory with the name "BMPIMP32.FLT". (Open Notepad, go to this directory and choose File, Save..., type "BMPIMP32.FLT" including the quotes and click Save.)
In testing on Windows 2000 with Office XP SP3 installed, this workaround did not adversely impact functionality. BMP format image files can still be imported into Word, but the operations that can be performed on them may be impacted.
Vendor response:
Microsoft has officially addressed this vulnerability with Security Bulletin MS08-044. For more information, consult their bulletin at the following URL: http://www.microsoft.com/technet/security/bulletin/ms08-044.mspx
CVE Information:
CVE-2008-3020
Disclosure timeline:
09/11/2006 - Initial vendor notification
09/11/2006 - Initial vendor response
08/12/2008 - Coordinated public disclosure