Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Vulnerability in Microsoft Office Publisher 2007 Allows Code Execut

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Vulnerability in Microsoft Office Publisher 2007 Allows Code Execution (MS07-037)
Date: 11 Jul 2007 11:06:12 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Vulnerability in Microsoft Office Publisher 2007 Allows Code Execution 
(MS07-037)
------------------------------------------------------------------------


SUMMARY

This important security update resolves one publicly disclosed 
vulnerability. This vulnerability could allow remote code execution if a 
user viewed a specially crafted Microsoft Office Publisher file. Users 
whose accounts are configured to have fewer user rights on the system 
could be less impacted than users who operate with administrative user 
rights. User interaction is required to exploit this vulnerability.

DETAILS

Vulnerable Systems:
 * 2007 Microsoft Office System -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=25D272E7-F2DD-4342-92BE-7EBC2E770B44>
 Microsoft Office Publisher 2007

Immune Systems:
 * Microsoft Office 2000 Service Pack 3 - Microsoft Publisher 2000
 * Microsoft Office XP Service Pack 3 - Microsoft Publisher 2002
 * Microsoft Office 2003 Service Pack 2 - Microsoft Publisher 2003

A remote code execution vulnerability exists in the way Publisher does not 
adequately clear out memory resources when writing application data from 
disk to memory. An attacker could exploit the vulnerability by 
constructing a specially crafted Publisher (.pub) page. When a user views 
the .pub page, the vulnerability could allow remote code execution. An 
attacker who successfully exploited this vulnerability could take complete 
control of an affected system.

Workarounds for Publisher Invalid Memory Reference Vulnerability - 
CVE-2007-1754
Workaround refers to a setting or configuration change that does not 
correct the underlying vulnerability but would help block known attack 
vectors before you apply the update. Microsoft has tested the following 
workarounds and states in the discussion whether a workaround reduces 
functionality:

 * Do not open or save Microsoft Office files that you receive from 
untrusted sources or that you receive unexpectedly from trusted sources. 
This vulnerability could be exploited when a user opens a specially 
crafted file.

 * Modify Access Control List on pubconv.dll
To modify the Access Control List (ACL) on pubconv.dll to be more 
restrictive, follow these steps:

1. Click Start, click Run, type "cmd" (without the quotation marks), and 
then click OK.

2. Type the following command at a command prompt. Make a note of the 
current ACLs that are on the file (including inheritance settings) for 
future reference in case you have to undo this modification:

cacls \Program Files\Microsoft Office\Office12\pubconv.dll

3. Type the following command at a command prompt to deny the  everyone  
group access to this file:

cacls \Program Files\Microsoft Office\Office12 /d everyone

Impact of Workaround: Applications that require the use of previous 
editions of Publisher documents may no longer function correctly.

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1754> 
CVE-2007-1754


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:  
<http://www.microsoft.com/technet/security/Bulletin/ms07-037.mspx> 
http://www.microsoft.com/technet/security/Bulletin/ms07-037.mspx



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Vulnerability in Microsoft Office Publisher 2007 Allows Code Execution (MS07-037), SecuriTeam <=
Previous by Date:  [TOOL] PyFault - Python Based Fault Injection in Win32 Based Application, SecuriTeam
Next by Date:  [NT] Vulnerability in Windows Active Directory Allows Code Execution (MS07-039), SecuriTeam
Previous by Thread:  [TOOL] PyFault - Python Based Fault Injection in Win32 Based Application, SecuriTeam
Next by Thread:  [NT] Vulnerability in Windows Active Directory Allows Code Execution (MS07-039), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]