TITLE:
Microsoft Office Filters Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA31336

VERIFY ADVISORY:
http://secunia.com/advisories/31336/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Works 8.x
http://secunia.com/product/7215/
Microsoft Project 2002
http://secunia.com/product/157/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Office File Converter Pack
http://secunia.com/product/19557/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Office,
which can be exploited by malicious people to compromise a user's
system.

1) An error in the EPS (Encapsulated PostScript) filter when handling
the length of EPS images can be exploited to corrupt memory via e.g.
an Office document containing a specially crafted EPS file.

2) An error in the PICT filter when handling the length of PICT
images can be exploited to corrupt memory via a specially crafted
PICT image.

3) Another error in the PICT filter when parsing PICT images can be
exploited to corrupt memory via a specially crafted PICT image.

4) An error in the BMP filter when handling the length of BMP images
can be exploited to corrupt memory via a specially crafted BMP image.

5) An error in the WPG (WordPerfect Graphics) filter when handling
the length of WPG images can be exploited to corrupt memory via a
specially crafted WPG image or WordPerfect document.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

SOLUTION:
Apply patches.

Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=3ab323ec-9f92-453c-b7c7-9a95a9efcaea

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79

Microsoft Office 2003 SP2 (SP3 is not affected):
http://www.microsoft.com/downloads/details.aspx?familyid=e0df2f6e-1102-461d-829f-5f3e2d7eb4b3

Microsoft Office Project 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=bf566ce6-23da-45e5-9c2b-c47331d30e79

Microsoft Office Converter Pack:
http://www.microsoft.com/downloads/details.aspx?familyid=199b08c7-6d79-4930-8f0c-31034629c485

Microsoft Works 8:
http://www.microsoft.com/downloads/details.aspx?familyid=458985C3-9C6F-4049-81CD-0D0389C81F11

PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits Shaun Colley, NGS Software.
3) The vendor credits Damian Put via ZDI.
4) The vendor credits an anonymous person via iDefense.
5) The vendor credits Damian Put via iDefense.

ORIGINAL ADVISORY:
MS08-044 (KB924090):
http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx