|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=737
|
| |
Vulnerable Systems:
* Microsoft Office XP SP3
* Microsoft Office 2003 SP2
* Microsoft Office 97
This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed Wordperfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code.
Analysis:
Exploitation allows an attacker to execute arbitrary code in the context of the targeted user. In order to exploit this issue, a targeted user must process an attacker supplied WPG file with Microsoft Office. This issue could be exploited by using a malformed WPG file, or by using a Wordperfect document containing such a file.
By default, Microsoft Office Products do not register the WPG or WP file types and the system will prompt the user for the application to open the files with. Additionally the Microsoft Web Service does not offer suggestions as to which application to use to open these extensions.
The Word Perfect Importer is not installed by default and may require an installation CD in order to install this feature. Users will likely be shown a dialog asking if they wish to install this Importer upon opening a Word Perfect document file type.
Vendor response:
Microsoft has officially addressed this vulnerability with Security Bulletin MS08-044. For more information, consult their bulletin at the following URL: http://www.microsoft.com/technet/security/bulletin/ms08-044.mspx
CVE Information:
CVE-2008-3460
Disclosure timeline:
11/07/2006 - Initial vendor notification
11/07/2006 - Initial vendor response
08/12/2008 - Coordinated public disclosure
|
|
|
|
|
