Multiple vulnerabilities in Microsoft Office



Published: 2006-07-11 | Updated: 2016-12-07
Risk Critical
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2006-2389
CVE-2006-1318
CVE-2006-1540
CVE-2006-1316
CWE-ID CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerability #3 is being exploited in the wild.
Vulnerable software
Subscribe 		Microsoft Office
Client/Desktop applications / Office applications

Microsoft Office for Mac
Client/Desktop applications / Office applications

Microsoft Project
Client/Desktop applications / Office applications

Microsoft Visio
Client/Desktop applications / Office applications

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

This security bulletin describes 4 remote code execution vulnerabilities in Microsoft Office.

1) Buffer overflow

EUVDB-ID: #VU1229

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-2389

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing malformed properties in Office documents. A remote attacker can create a specially crafted Office file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install update from vendor's website:

Vulnerable software versions

Microsoft Office: 2000 - XP

Microsoft Office for Mac: 2004 - v.X

Microsoft Project: 2000 - 2002

Microsoft Visio: 2002

External links

http://technet.microsoft.com/en-us/library/security/ms06-038.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Buffer overflow

EUVDB-ID: #VU1228

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-1318

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing record lengths in Office documents. A remote attacker can create a specially crafted Office file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install update from vendor's website:

Vulnerable software versions

Microsoft Office: 2000 - XP

Microsoft Office for Mac: 2004 - v.X

Microsoft Project: 2000 - 2002

Microsoft Visio: 2002

External links

http://technet.microsoft.com/en-us/library/security/ms06-038.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU1227

Risk: Critical

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2006-1540

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malformed strings in Office documents. A remote attacker can create a specially crafted Office file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

Mitigation

Install update from vendor's website:

Vulnerable software versions

Microsoft Office: 2000 - XP

Microsoft Office for Mac: 2004 - v.X

Microsoft Project: 2000 - 2002

Microsoft Visio: 2002

External links

http://technet.microsoft.com/en-us/library/security/ms06-038.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

4) Buffer overflow

EUVDB-ID: #VU1226

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-1316

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing record lengths in Office documents. A remote attacker can create a specially crafted Office file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Mitigation

Install update from vendor's website:

Vulnerable software versions

Microsoft Office: 2000 - XP

Microsoft Office for Mac: 2004 - v.X

Microsoft Project: 2000 - 2002

Microsoft Visio: 2002

External links

http://technet.microsoft.com/en-us/library/security/ms06-038.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###