Microsoft Security Advisory MS02-002 - Malformed Network Request can cause Office v. X for Mac to Fail. Office v. X contains a network-aware anti-piracy mechanism creates a denial of service vulnerability. An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data. An attacker could craft and send a special packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines. Microsoft FAQ on this issue available here.
3c1e389bcb9376114388761c54ab7b5eb1177fdfb8123d981f8dca88c3cd1426-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------
Title: Malformed Network Request can cause Office v. X for Mac
to Fail
Date: 06 February 2002
Software: Microsoft Office v. X for Mac
Impact: Denial of Service
Max Risk: Low
Bulletin: MS02-002
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-002.asp.
- ----------------------------------------------------------------------
Issue:
======
Office v. X contains a network-aware anti-piracy mechanism that
detects multiple copies of Office using the same product identifier
(PID) running on the local network. This feature, called the Network
Product Identification (PID) Checker, announces Office's own unique
product ID and listens for other announcements at regular intervals.
If a duplicate PID is detected, Office shuts down.
A security vulnerability results because of a flaw in the Network
PID Checker. Specifically, the Network PID Checker doesn't correctly
handle a particular type of malformed announcement - receiving one
causes the Network PID Checker to fail. When the Network PID fails
like this, the Office v. X application will fail as well. If more
than one Office v. X application was running when the packet was
received, the first application launched during the session would
fail. An attacker could use this vulnerability to cause other users'
Office applications to fail, with the loss of any unsaved data.
An attacker could craft and send this packet to a victim's machine
directly, by using the machine's IP address. Or, he could send
this same directive to a broadcast and multicast domain and attack
all affected machines
Mitigating Factors:
====================
- Corporate networks could be protected against Internet-based
attacks by following standard firewalling practices
(specifically, blocking ports 2222, those greater than 3000
traffic).
- Best practices recommends blocking both multicast and broadcast
packets at the perimeter firewall.
- At best, an attacker could cause the running Office application
that was loaded first to fail. There is no opportunity for an
attacker to create, delete, or modify Office data.
- Even a successful attack wouldn't have any effect on the overall
system, other applications or any Office application beyond the
first one loaded.
Risk Rating:
============
- Internet systems: None
- Intranet systems: None
- Client systems: Low
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-002.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Marty Schoch (mschoch@multicasttech.com)
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPGHPlo0ZSRQxA/UrAQFRUAf9GlgN6ku4fUyz54F9Q+vQ1fg3GOMpY3bw
KYxmLho5ZH8Ohrc2zPbaI7mFFsDoeDPKWcw0OFl/q+b1aOFKVC5R8xMGSdUujqPE
8J0iOgITvdb5FEcBIOpXepLidhVgrKhQnmAn9x/UlhKQG9MBAtq7riX2og8LxL4L
FffrDwx29fPMZrkANdFhmcrOgCMnbRwsegNtwg7OuUkJgJEOU6wwNsuuWsXKBadu
3/tv2iw5xrcAdfKwhblr7W+qBlmrT8roBLpZikC9FMa+Lf8vk2vRcBH8Gb8TYhzm
N9VGE37WNjHJ6NgCzo2r90LxxD0ummtOCbbUDHC+oXQNgdVvEq0Spw==
=t3Jb
-----END PGP SIGNATURE-----
*******************************************************************
You have received this e-mail bulletin as a result of your subscription to the Microsoft Product Security Notification Service. For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.
To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.
To cancel your subscription, click on the following link mailto:1_25246_597AAC3D-B8D9-4A9A-A29A-9EBCF4758F48_US@Newsletters.Microsoft.com?subject=UNSUBSCRIBE to create an unsubscribe e-mail.
To stop all e-mail newsletters from microsoft.com, click on the following link mailto:2_25246_597AAC3D-B8D9-4A9A-A29A-9EBCF4758F48_US@Newsletters.Microsoft.com?subject=STOPMAIL to create an unsubscribe e-mail. You can manage all your Microsoft.com communication preferences from http://www.microsoft.com/misc/unsubscribe.htm
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed