Vigil@nce: MS Office, multiple vulnerabilities
August 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities has been discovered in Microsoft Office.
Gravity: 3/4
Consequences: privileged access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 13/08/2008
Identifier: VIGILANCE-VUL-8026
IMPACTED PRODUCTS
– Microsoft Access [confidential versions]
– Microsoft Excel [confidential versions]
– Microsoft PowerPoint [confidential versions]
– Microsoft Project [confidential versions]
– Microsoft Publisher [confidential versions]
– Microsoft Visio [confidential versions]
– Microsoft Word [confidential versions]
DESCRIPTION
Microsoft Office uses picture filters. They are used to convert
pictures in a standard format known by MS Office.
The filter used for EPS files is "EPSIMP32.FLT". It is possible to
realise a buffer overflow threating a malicious .eps picture.
[grav:3/4; 924090, CVE-2008-3019, MS08-044]
The filter used for PICT files is "PICTIM32.FLT". It is possible
to realise a buffer overflow defining an invalid number of bit per
pixel. [grav:3/4; 924090, CVE-2008-3018, MS08-044]
The filter used for PICT files is "PICTIM32.FLT". It is possible
to realise a buffer overflow defining an invalid lenght to the
picture. [grav:3/4; 924090, CVE-2008-3021, MS08-044]
The filter used for bitmap "BMPIMP32.FLT". It is possible to
create a buffer overflow threating a .bmp picture with a very
large number of colors. [grav:3/4; 924090, CVE-2008-3020, MS08-044]
The filter used for WPG files is "WPGIMP32.FLT". It is possible to
realise a buffer overflow threating a malicious .wpg picture.
[grav:3/4; 924090, CVE-2008-3460, MS08-044]
CHARACTERISTICS
Identifiers: 924090, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460, MS08-044, VIGILANCE-VUL-8026