Freely subscribe to our NEWSLETTER

SYNTHESIS

Several vulnerabilities has been discovered in Microsoft Office.

Gravity: 3/4

Consequences: privileged access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/08/2008

Identifier: VIGILANCE-VUL-8026

IMPACTED PRODUCTS

– Microsoft Access [confidential versions]
– Microsoft Excel [confidential versions]
– Microsoft PowerPoint [confidential versions]
– Microsoft Project [confidential versions]
– Microsoft Publisher [confidential versions]
– Microsoft Visio [confidential versions]
– Microsoft Word [confidential versions]

DESCRIPTION

Microsoft Office uses picture filters. They are used to convert
pictures in a standard format known by MS Office.

The filter used for EPS files is "EPSIMP32.FLT". It is possible to
realise a buffer overflow threating a malicious .eps picture.
[grav:3/4; 924090, CVE-2008-3019, MS08-044]

The filter used for PICT files is "PICTIM32.FLT". It is possible
to realise a buffer overflow defining an invalid number of bit per
pixel. [grav:3/4; 924090, CVE-2008-3018, MS08-044]

The filter used for PICT files is "PICTIM32.FLT". It is possible
to realise a buffer overflow defining an invalid lenght to the
picture. [grav:3/4; 924090, CVE-2008-3021, MS08-044]

The filter used for bitmap "BMPIMP32.FLT". It is possible to
create a buffer overflow threating a .bmp picture with a very
large number of colors. [grav:3/4; 924090, CVE-2008-3020, MS08-044]

The filter used for WPG files is "WPGIMP32.FLT". It is possible to
realise a buffer overflow threating a malicious .wpg picture.
[grav:3/4; 924090, CVE-2008-3460, MS08-044]

CHARACTERISTICS

Identifiers: 924090, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460, MS08-044, VIGILANCE-VUL-8026

https://vigilance.aql.fr/tree/1/8026