CERT-In Vulnerability Note CIVN-2008-57
Microsoft Word Memory Corruption Remote Code Execution Vulnerabilities
Original Issue Date:
May 14, 2008
Severity Rating:
High
System Affected
- Microsoft Office System 2007 Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and with Service Pack 1
- Microsoft Office System 2007
- Microsoft Outlook 2007
- Microsoft Office 2004 for Mac
- Microsoft Office 2003 Service Pack 2
- Microsoft Office 2003 Service Pack 3
- Microsoft Word Viewer 2003 Service Pack 3
- Microsoft Word Viewer 2003
- Microsoft Office 2008 for Mac
- Microsoft Office for Mac
- Microsoft Office XP Service Pack 3
- Microsoft Office 2000 Service Pack 3
Overview
Two vulnerabilities have been reported in Microsoft Word that could be exploited by an attacker to take control of the affected system in the context of the logged-in user.
Description
1. Microsoft Word RTF Object File Parsing Vulnerability
(CVE-2008-1091)
Rich Text Format (RTF) is a document file format used to exchange text files between different word processors on different operating systems.
This vulnerability is caused by an error in Microsoft Word while processing Rich Text Format (.rtf) files. An attacker could exploit this vulnerability by creating a specially crafted .rtf file containing malformed strings and persuading a user to open or preview it either in Rich Text Format or as HTML. Successful exploitation of this vulnerability corrupts system memory and allows remote attackers to execute arbitrary code.
2. Microsoft Word Cascading Style Sheet (CSS) Vulnerability
(CVE-2008-1434)
Cascading Style Sheets (CSS) is a style sheet language used to describe the presentation of a document written in a markup language.
This vulnerability is caused by an error in Microsoft Word while handling CSS rules in Word files. An attacker could exploit this vulnerability by creating a specially crafted web page with a malformed CSS value and persuading a user to open it. Successful exploitation of this vulnerability corrupts system memory and allows remote attackers to execute arbitrary code.
Workarounds
- Use Microsoft Office File Block policy to prevent the opening of Office 2003 and earlier documents received from unknown or untrusted sources.
- Do not open email messages or attachments from untrusted sources.
- Do not open or save Microsoft Office files received from untrusted sources.
Solution
Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-026.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-026.mspx
References
iDefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700
Zero-Day
http://www.zerodayinitiative.com/advisories/ZDI-08-023/
Secunia
http://secunia.com/advisories/30143/
FrSIRT
http://www.frsirt.com/english/advisories/2008/1504/references
SecurityTracker
http://www.securitytracker.com/alerts/2008/May/1020013.html
http://www.securitytracker.com/alerts/2008/May/1020014.html
Security Focus
http://www.securityfocus.com/bid/29104
http://www.securityfocus.com/bid/29105
CVE-Name
CVE-2008-1091
CVE-2008-1434
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
