Microsoft Office: Drawing Shape Container Parsing Vulnerability

Users of Microsoft Office please be advised of a Drawing Shape Container Parsing vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Microsoft-SA-11/09/2010: Microsoft Office Drawing Shape Container Parsing Vulnerability
Affected Software

* Microsoft Office XP SP3
* Microsoft Office 2003 SP3
* Microsoft Office 2007 SP2
* Microsoft Office 2010

NOTE: Other versions may also be affected.

Description of Vulnerability

Secunia Research has discovered a vulnerability in Microsoft Office,
which can be exploited by malicious people to compromise a user’s
system.

The vulnerability is caused by insufficient validation when parsing an
Office Art Drawing record, which contains “msofbtSp” records that
specify certain flags. This can be exploited to corrupt memory via a
specially crafted Office file.

Successful exploitation allows execution of arbitrary code.Read more at http://www.criticalwatch.com

 

Advertisements