Users of Microsoft Office please be advised of a Drawing Shape Container Parsing vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
Office-SA-11/09/2010: Microsoft Office Drawing Shape Container Parsing Vulnerability
Affected Software
* Microsoft Office XP SP3
* Microsoft Office 2003 SP3
* Microsoft Office 2007 SP2
* Microsoft Office 2010
NOTE: Other versions may also be affected.
Description of Vulnerability
Secunia Research has discovered a vulnerability in Microsoft Office,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused by insufficient validation when parsing an
Office Art Drawing record, which contains "msofbtSp" records that
specify certain flags. This can be exploited to corrupt memory via a
specially crafted Office file.
Successful exploitation allows execution of arbitrary code.
Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/f4ny

No comments:
Post a Comment