Integer Overflow or Wraparound in Microsoft Client/Desktop applications

#VU1383 Integer Overflow or Wraparound in Microsoft Client/Desktop applications

Published: 2016-12-19 | Updated: 2017-03-16

Vulnerability identifier: #VU1383

Vulnerability risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-2500

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Word Viewer
Client/Desktop applications / Office applications
Microsoft Office
Client/Desktop applications / Office applications
Microsoft Project
Client/Desktop applications / Office applications
Microsoft Works
Client/Desktop applications / Office applications
Microsoft Report Viewer
Client/Desktop applications / Office applications
Microsoft Visio
Client/Desktop applications / Office applications
Excel Viewer
Client/Desktop applications / Office applications
Microsoft Internet Explorer
Client/Desktop applications / Web browsers
Windows
Operating systems & Components / Operating system
Microsoft SQL Server
Server applications / Database software
Microsoft Forefront Client Security
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Microsoft

Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow when handling WMF image file. A remote attacker can create a specially crafted WMF image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation
Install update from vendor's website:

Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Visio 2002 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Word Viewer 2003 Service Pack 3 and Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer Service Pack 2, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8

Vulnerable software versions

Word Viewer: 2003

Microsoft Internet Explorer: 6

Windows: XP

Microsoft Office: 2007

Microsoft Project:

Microsoft Works: 8.5

Microsoft SQL Server: 2005 9.0.1399

Microsoft Forefront Client Security: 1.0

Microsoft Report Viewer: 2005 - 2008

Microsoft Visio:

Excel Viewer:

External links
http://technet.microsoft.com/en-us/library/security/ms09-062.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Microsoft Windows