iDefense Security Advisory 08.12.08 - Remote exploitation of a heap buffer overflow vulnerability in the "BMPIMP32.FLT" filter module, as distributed with Microsoft Office, allows attackers to execute arbitrary code. The vulnerability specifically exists in the handling of Windows Bitmap (BMP) image files with malformed headers. By specifying a very large number of colors in the header, it is possible to cause controllable heap corruption, which can be leveraged to execute arbitrary code. iDefense confirmed that the "BMPIMP32.FLT" module installed with Microsoft Office XP SP3, including all patches as of May 24, 2006, is vulnerable. Other versions may also be vulnerable.
c369d53fc3514c335589aaa73929390220ce4db88b492cebeba1b267acc42c1e