Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: MS Office, multiple vulnerabilities

August 2008 by Vigil@nce

SYNTHESIS

Several vulnerabilities has been discovered in Microsoft Office.

Gravity: 3/4

Consequences: privileged access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/08/2008

Identifier: VIGILANCE-VUL-8026

IMPACTED PRODUCTS

- Microsoft Access [confidential versions]
- Microsoft Excel [confidential versions]
- Microsoft PowerPoint [confidential versions]
- Microsoft Project [confidential versions]
- Microsoft Publisher [confidential versions]
- Microsoft Visio [confidential versions]
- Microsoft Word [confidential versions]

DESCRIPTION

Microsoft Office uses picture filters. They are used to convert pictures in a standard format known by MS Office.

The filter used for EPS files is "EPSIMP32.FLT". It is possible to realise a buffer overflow threating a malicious .eps picture. [grav:3/4; 924090, CVE-2008-3019, MS08-044]

The filter used for PICT files is "PICTIM32.FLT". It is possible to realise a buffer overflow defining an invalid number of bit per pixel. [grav:3/4; 924090, CVE-2008-3018, MS08-044]

The filter used for PICT files is "PICTIM32.FLT". It is possible to realise a buffer overflow defining an invalid lenght to the picture. [grav:3/4; 924090, CVE-2008-3021, MS08-044]

The filter used for bitmap "BMPIMP32.FLT". It is possible to create a buffer overflow threating a .bmp picture with a very large number of colors. [grav:3/4; 924090, CVE-2008-3020, MS08-044]

The filter used for WPG files is "WPGIMP32.FLT". It is possible to realise a buffer overflow threating a malicious .wpg picture. [grav:3/4; 924090, CVE-2008-3460, MS08-044]

CHARACTERISTICS

Identifiers: 924090, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460, MS08-044, VIGILANCE-VUL-8026

https://vigilance.aql.fr/tree/1/8026




See previous articles

    

See next articles