Network Security: Detailed info on [NT] Vulnerabilities in Microsoft Works File Converter Allows Code Execu

Subject:	[NT] Vulnerabilities in Microsoft Works File Converter Allows Code Execution (MS08-011)
Date:	15 Feb 2008 09:06:30 +0200

The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Vulnerabilities in Microsoft Works File Converter Allows Code Execution 
(MS08-011)
------------------------------------------------------------------------


SUMMARY

This important security update resolves three privately reported 
vulnerabilities in the Microsoft Works File Converter. These 
vulnerabilities could allow remote code execution if a user opens a 
specially crafted Works (.wps) file with an affected version of Microsoft 
Office, Microsoft Works, or Microsoft Works Suite. An attacker who 
successfully exploited this vulnerability could take complete control of 
an affected system. An attacker could then install programs; view, change, 
or delete data; or create new accounts with full user rights.

This is an important security update for all supported editions of 
Microsoft Works Converter. For more information, see the subsection, 
Affected and Non-Affected Software, in this section.

DETAILS

Affected Software
Office Suite and Other Affected Software - Component - Maximum Security 
Impact - Aggregate Severity Rating - Bulletins Replaced by this Update
 * Microsoft Office 2003 Service Pack 2 - Microsoft Works 6 File Converter 
(KB943973) - Remote Code Execution - Moderate - None
 * Microsoft Office 2003 Service Pack 3 - Microsoft Works 6 File Converter 
(KB943973) - Remote Code Execution - Moderate  - None
 * Microsoft Works 8.0 - Microsoft Works 6 File Converter (KB943973) - 
Remote Code Execution - Important - None
 * Microsoft Works Suite 2005 - Microsoft Works 6 File Converter 
(KB943973) - Remote Code Execution - Important - None

Non-Affected Software
 * Microsoft Works 8.5
 * Microsoft Works 9.0
 * Microsoft Works Suite 2006
 * 2007 Microsoft Office System
 * Microsoft Office 2000
 * Microsoft Office XP

Microsoft Works File Converter Input Validation Vulnerability - 
CVE-2007-0216
A remote code execution vulnerability exists in Microsoft Works File 
Converter due to the way that it improperly validates section length 
headers with the .wps format. An attacker who successfully exploited this 
vulnerability could take complete control of an affected system. An 
attacker could then install programs; view, change, or delete data; or 
create new accounts.

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0216> 
CVE-2007-0216

Microsoft Works File Converter Index Table Vulnerability - CVE-2008-0105
A remote code execution vulnerability exists in Microsoft Works File 
Converter due to the way that it improperly validates section header index 
table information with the .wps file format. An attacker who successfully 
exploited this vulnerability could take complete control of an affected 
system. An attacker could then install programs; view, change, or delete 
data; or create new accounts.

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0105> 
CVE-2008-0105

Microsoft Works File Converter Field Length Vulnerability - CVE-2008-0108
A remote code execution vulnerability exists in Microsoft Works File 
Converter due to the way that it improperly validates various field 
lengths information with the .wps file format. An attacker who 
successfully exploited this vulnerability could take complete control of 
an affected system. An attacker could then install programs; view, change, 
or delete data; or create new accounts.

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0108> 
CVE-2008-0108


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:  
<http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx> 
http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.

<Prev in Thread]	Current Thread	[Next in Thread>
[NT] Vulnerabilities in Microsoft Works File Converter Allows Code Execution (MS08-011), SecuriTeam <=

Previous by Date:	[NT] Vulnerability in OLE Automation Allows Code Execution, SecuriTeam
Next by Date:	[NT] Cumulative Security Update for Internet Explorer (MS08-010), SecuriTeam
Previous by Thread:	[NT] Vulnerability in OLE Automation Allows Code Execution, SecuriTeam
Next by Thread:	[NT] Cumulative Security Update for Internet Explorer (MS08-010), SecuriTeam
Indexes:	[Date] [Thread] [Top] [All Lists]