---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Microsoft Works File Converter File Parsing Vulnerabilities SECUNIA ADVISORY ID: SA28904 VERIFY ADVISORY: http://secunia.com/advisories/28904/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/ Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/ Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/ Microsoft Works 8.x http://secunia.com/product/7215/ Microsoft Works Suite 2005 http://secunia.com/product/8711/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Office and Microsoft Works, which can be exploited by malicious people to compromise a user's system. 1) An error in the Works File Converter when processing section length headers can be exploited via a specially crafted Works (.wps) file. 2) An error in the Works File Converter when processing section header index table information can be exploited via a specially crafted Works (.wps) file. 3) An error in the Works File Converter when processing field length information can be exploited via a specially crafted Works (.wps) file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Microsoft Office 2003 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 Microsoft Office 2003 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 Microsoft Works 8.0: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 Microsoft Works Suite 2005: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Damian Put via VeriSign iDefense VCP. 2) The vendor credits IBM ISS X-Force. 3) The vendor credits VeriSign iDefense VCP. ORIGINAL ADVISORY: MS08-011 (KB947081): http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------