exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Office MSO Size Handling Integer Overflow

Microsoft Office MSO Size Handling Integer Overflow
Posted Apr 14, 2011
Authored by Nicolas Joly, Chaouki Bekrar, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office. The vulnerability is caused by an integer overflow error in the MSO component when parsing certain values within an Office document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a malformed Office file (e.g. Word). Microsoft Office XP Service Pack 3 is affected.

tags | advisory, overflow
SHA-256 | 2d2ef1ad1bdc1ee43e992f908da55b1ea19d51d2bcabcf4e211f64a913e1e003

Microsoft Office MSO Size Handling Integer Overflow

Change Mirror Download
VUPEN Security Research - Microsoft Office MSO Size Handling Integer 
Overflow Vulnerability

http://www.vupen.com/english/research.php


I. BACKGROUND
---------------------

"Microsoft Office is a proprietary commercial office suite of inter-related
desktop applications, servers and services for the Microsoft Windows and
Mac OS X" (Wikipedia)


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office.

The vulnerability is caused by an integer overflow error in the MSO
component
when parsing certain values within an Office document, which could be
exploited
by attackers to compromise a vulnerable system by tricking a user into
opening
a malformed Office file (e.g. Word).

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) / CVE-2011-0041


III. AFFECTED PRODUCTS
---------------------------

Microsoft Office XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---------------------------------------

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
-----------------------------------

To proactively protect critical networks and infrastructures against
unpatched
vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares
its
vulnerability research with governments and organizations members of the
VUPEN
Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security
vulnerabilities discovered by VUPEN and in advance of their public
disclosure.

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION
----------------

Apply the MS11-029 security update.


VII. CREDIT
--------------

This vulnerability was discovered by Nicolas Joly and Chaouki Bekrar of
VUPEN Security


VIII. ABOUT VUPEN Security
---------------------------

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
----------------------

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0947
http://www.microsoft.com/technet/security/Bulletin/MS11-029.mspx


X. DISCLOSURE TIMELINE
-----------------------------

2010-05-05 - Vulnerability Discovered by VUPEN
2011-04-12 - MS11-029 security update released

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close