|
|
| |
Credit:
The information has been provided by Carsten Eiram.
The original article can be found at: http://seclists.org/fulldisclosure/2010/Dec/525
|
| |
Vulnerable Systems:
* Microsoft Office XP SP3
* Microsoft Office Converter Pack
* Microsoft Works 9
1) An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image.
2) Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
Patch Availability:
Apply patches provided by MS10-105:
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx
CVE Information:
CVE-2010-3947
Disclosure Timeline:
07/07/2010 - Vendor notified about vulnerability #1.
08/07/2010 - Vendor notified about vulnerability #2.
08/07/2010 - Vendor response.
08/11/2010 - Vendor informed that December is the final deadline.
14/12/200X - Public disclosure.
|
|
|
