
| Subject: | [NT] Vulnerabilities in Microsoft Visio Allows Code Execution (MS08-019) |
|---|---|
| Date: | 9 Apr 2008 08:56:25 +0200 |

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Vulnerabilities in Microsoft Visio Allows Code Execution (MS08-019)
------------------------------------------------------------------------

SUMMARY

This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, Microsoft Office Visio 2007, and Microsoft Office Visio 2007 Service Pack 1. For more information, see the subsection, Affected and Non-Affected Software, in this section.

DETAILS

Affected Software:

Office Suite and Other Software - Component - Maximum Security Impact - Aggregate Severity Rating - Bulletins Replaced by this Update

* Microsoft Office XP Service Pack 2 - Microsoft Visio 2002 Service Pack 2 (KB947896) - Remote Code Execution - Important - MS07-030
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=0056a936-def5-40fa-bcfc-0ab0dd5c3964>
* Microsoft Office 2003 Service Pack 2 - Microsoft Visio 2003 Service Pack 2 (KB947650) - Remote Code Execution - Important - MS07-030
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=18af0ce6-99a0-4471-8d26-9700a8a8e631>
* Microsoft Office 2003 Service Pack 3 - Microsoft Visio 2003 Service Pack 3 (KB947650) - Remote Code Execution - Important - MS07-030
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=18af0ce6-99a0-4471-8d26-9700a8a8e631>
* 2007 Microsoft Office System - Microsoft Visio 2007 (KB947590) - Remote Code Execution - Important - None
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=0510a1bb-b464-452c-900f-7f4e58ed9c7e>
* 2007 Microsoft Office System Service Pack 1 - Microsoft Visio 2007 Service Pack 1 (KB947590) - Remote Code Execution - Important - None
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=0510a1bb-b464-452c-900f-7f4e58ed9c7e>

Non-Affected Software:

* Microsoft Visio 2002 Viewer
* Microsoft Visio 2003 Viewer
* Microsoft Visio 2007 Viewer
* Microsoft Visio 2007 Viewer Service Pack 1

Visio Object Header Vulnerability - CVE-2008-1089

A remote code execution vulnerability exists in the way Microsoft Visio validates object header data in specially crafted files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

CVE Information: CVE-2008-1089
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1089>

Workarounds for Visio Object Header Vulnerability - CVE-2008-1089

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

* Use Microsoft Visio 2003 Viewer or Microsoft Visio 2007 Viewer to open and view Visio files. Microsoft Visio 2003 Viewer and Microsoft Visio 2007 Viewer are not affected by the issue.
* Do not open or save Visio files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.

Visio Memory Validation Vulnerability - CVE-2008-1090

A remote code execution vulnerability exists in the way Microsoft Visio validates memory allocations when loading specially-crafted .DXF files from disk into memory. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

CVE Information: CVE-2008-1090
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1090>

Workarounds for Visio Memory Validation Vulnerability - CVE-2008-1090

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

* Disable Visio from opening .DXF file by restricting access to DWGDP.DLL.

  To restrict access to DWGDP.DLL, type the following at the command prompt:

  Note: For Vista, an account with administrator privileges is required to implement this workaround.

  For Windows XP

      Echo y|cacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /D everyone

  For Windows Vista

      Takeown.exe /f "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll"
      Icacls.exe "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /save %TEMP%\DWGDP_ACL.TXT
      Icacls.exe "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /deny everyone:(F)

  Impact of Workaround: The impact of implementing this workaround is that Visio will no longer open AutoCAD drawing files (.DXF). If you have no need to open AutoCAD drawing files, this workaround should have no impact to your system's functionality.

  How to Undo the Workaround: To rollback this workaround, type the following at the command prompt:

  For Windows XP

      cacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /G everyone

  For Windows Vista

      Icacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /grant everyone:(F)
      Icacls "%ProgramFiles%\microsoft office\visio11\dll\dwgdp.dll" /restore %TEMP%\DWGDP_ACL.TXT

* Use Microsoft Visio 2003 Viewer or Microsoft Visio 2007 Viewer to open and view Visio files. Microsoft Visio 2003 Viewer and Microsoft Visio 2007 Viewer are not affected by the issue.
* Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.

ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at: <http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx>
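
The DWGDP.DLL workaround for CVE-2008-1090 described above can be audited after it is rolled out. The PowerShell below is an added example, not part of the Microsoft bulletin or the SecuriTeam post; the function name Test-DwgdpWorkaround, the state names and the choice to treat a Deny covering Read & Execute as sufficient are assumptions, while the default path is the one quoted in the advisory.

```powershell
# Added example (not from the advisory): report whether the DWGDP.DLL deny-ACL
# workaround is in place. Test-DwgdpWorkaround is a hypothetical helper name;
# the default path is the one quoted in the advisory.
function Test-DwgdpWorkaround {
    param(
        [string]$Path = (Join-Path $env:ProgramFiles 'microsoft office\visio11\dll\dwgdp.dll')
    )
    $report = New-Object psobject -Property @{
        Computer = $env:COMPUTERNAME; Path = $Path; State = $null; Detail = $null
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $report.State  = 'NotPresent'
        $report.Detail = 'dwgdp.dll not found at this path'
        return $report
    }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A Deny ACE for Everyone also blocks reading the ACL for callers who
        # do not own the file, so this state needs a re-run as the file owner.
        $report.State  = 'AclUnreadable'
        $report.Detail = $_.Exception.Message
        return $report
    }
    # Match Everyone by its well-known SID (S-1-1-0) so localized group names do not matter.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $deny = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and $_.AccessControlType -eq 'Deny'
    })
    # Assumption: a Deny that covers Read & Execute is enough to stop the DLL
    # being loaded; the advisory's commands deny full access, which includes it.
    $need     = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $blocking = @($deny | Where-Object { ($_.FileSystemRights -band $need) -eq $need })
    if ($blocking.Count -gt 0) {
        $report.State = 'WorkaroundApplied'
    } elseif ($deny.Count -gt 0) {
        $report.State = 'PartialDeny'
    } else {
        $report.State = 'NotApplied'
    }
    # List the rights of every Deny ACE found for Everyone (empty when there is none).
    $report.Detail = ($deny | ForEach-Object { $_.FileSystemRights.ToString() }) -join '; '
    return $report
}

Test-DwgdpWorkaround | Format-List
```

A result of NotApplied on a host that still has an unpatched Visio and no need for .DXF import is the case to follow up; WorkaroundApplied on a host that has since received the update is a candidate for the rollback commands above.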