Date: 11 December 2008
References: ESB-2008.1150
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2008.0121 -- AUSCERT ALERT
[Win][Mac][OSX]
MS08-072 - Critical - Vulnerabilities in Microsoft Office
Word Could Allow Remote Code Execution
12 December 2008
===========================================================================
AusCERT Alert Summary
---------------------
Product: Microsoft Office 2000 Service Pack 3
Microsoft Office Word 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office Word 2002 Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office Word 2003 Service Pack 3
2007 Microsoft Office System
Microsoft Office Word 2007
Microsoft Office Outlook 2007
2007 Microsoft Office System Service Pack 1
Microsoft Office Word Viewer 2003
Microsoft Office Word Viewer 2003 Service Pack 3
Microsoft Office Compatibility Pack for Word, Excel,
and PowerPoint 2007 File Formats
Microsoft Office Compatibility Pack for Word, Excel,
and PowerPoint 2007 File Formats Service Pack 1
Microsoft Works 8*
Microsoft Office for Mac
Publisher: Microsoft
Operating System: Windows
Mac OS X
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2008-4024 CVE-2008-4025 CVE-2008-4026
CVE-2008-4027 CVE-2008-4028 CVE-2008-4030
CVE-2008-4031 CVE-2008-4037
Original Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
Revision History: December 12 2008: Added CVE-2008-4024 and relevant
vulnerability information
December 10 2008: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Microsoft Security Bulletin MS08-072 - Critical
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
(957173)
Published: December 9, 2008
Version: 1.0
General Information
Executive Summary
This security update resolves eight privately reported vulnerabilities in
Microsoft Office Word and Microsoft Office Outlook that could allow remote
code execution if a user opens a specially crafted Word or Rich Text Format
(RTF) file. An attacker who successfully exploited these vulnerabilities
could take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts with
full user rights. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights.
This security update is rated Critical for supported editions of Microsoft
Office Word 2000 and Microsoft Office Outlook 2007. For supported editions
of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office
Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer
2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office
2008 for Mac, and Open XML File Format Converter for Mac, this security
update is rated Important. For more information, see the subsection,
Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that
Microsoft Office Word and Microsoft Office Outlook handle specially crafted
Word and Rich Text Format (RTF) files. For more information about the
vulnerability, see the Frequently Asked Questions (FAQ) subsection for the
specific vulnerability entry under the next section, Vulnerability
Information.
Recommendation. Microsoft recommends that customers apply the update
immediately.
Known Issues. Microsoft Knowledge Base Article 957173 documents the
currently known issues that customers may experience when installing this
security update. The article also documents recommended solutions for these
issues.
Affected Software
Microsoft Office 2000 Service Pack 3
Microsoft Office Word 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office Word 2002 Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office Word 2003 Service Pack 3
2007 Microsoft Office System
Microsoft Office Word 2007
Microsoft Office Outlook 2007
2007 Microsoft Office System Service Pack 1
Microsoft Office Word Viewer 2003
Microsoft Office Word Viewer 2003 Service Pack 3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 1
Microsoft Works 8*
Microsoft Office for Mac
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
* In order to be offered this security update, customers running Microsoft
Works 8.0 must first update to Works 8.5 as described in Microsoft Works
Update. This includes all customers using Microsoft Works 8.0, Works Suite
2004, and Works Suite 2005. For customers running Works Suite 2006, Works
8.5 is already included.
Vulnerability Information
Word Memory Corruption Vulnerability - CVE-2008-4024
A remote code execution vulnerability exists in the way that Word handles
specially crafted Word files. The vulnerability could allow remote code
execution if a user opens a specially crafted Word file with a malformed
record. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with
administrative user rights.
Word RTF Object Parsing Vulnerability - CVE-2008-4025
A remote code execution vulnerability exists in the way that Microsoft
Office handles specially crafted Rich Text Format (RTF) files. The
vulnerability could allow remote code execution if a user opens a
specially crafted RTF file in Word or reads a specially crafted e-mail
sent in the RTF format. An attacker who successfully exploited this
vulnerability could take control of an affected system in the context of
the currently logged-on user. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights.
Word Memory Corruption Vulnerability - CVE-2008-4026
A remote code execution vulnerability exists in the way that Word handles
specially crafted Word files. The vulnerability could allow remote code
execution if a user opens a specially crafted Word file with a malformed
value. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with
administrative user rights.
Word RTF Object Parsing Vulnerability - CVE-2008-4027
A remote code execution vulnerability exists in the way that Microsoft
Office handles specially crafted Rich Text Format (RTF) files. The
vulnerability could allow remote code execution if a user opens a
specially crafted RTF file with malformed control words in Word, or
views or previews a specially crafted RTF file with malformed control
words in rich text e-mail. An attacker who successfully exploited this
vulnerability could take control of an affected system in the context of
the currently logged-on user. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights.
Word RTF Object Parsing Vulnerability - CVE-2008-4030
A remote code execution vulnerability exists in the way that Microsoft
Office handles specially crafted Rich Text Format (RTF) files. The
vulnerability could allow remote code execution if a user opens a
specially crafted RTF file in Word or reads or previews a specially
crafted e-mail sent in the RTF format. An attacker who successfully
exploited this vulnerability could take control of an affected system in
the context of the currently logged-in user. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.
Word RTF Object Parsing Vulnerability - CVE-2008-4028
A remote code execution vulnerability exists in the way that Microsoft
Office handles specially crafted Rich Text Format (RTF) files. The
vulnerability could allow remote code execution if a user opens a
specially crafted RTF file in Word, or reads or previews a specially
crafted e-mail sent in the RTF format. An attacker who successfully
exploited this vulnerability could take control of an affected system
in the context of the currently logged-in user. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.
Word RTF Object Parsing Vulnerability - CVE-2008-4031
A remote code execution vulnerability exists in the way that Microsoft
Office handles specially crafted Rich Text Format (RTF) files. The
vulnerability could allow remote code execution if a user opens a
specially crafted RTF file in Word, or reads or previews a specially
crafted e-mail sent in the RTF format. An attacker who successfully
exploited this vulnerability could take control of an affected system in
the context of the currently logged-on user. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.
Word Memory Corruption Vulnerability - CVE-2008-4837
A remote code execution vulnerability exists in the way that Microsoft
Office Word handles specially crafted Word files. The vulnerability
could allow remote code execution if a user opens a specially crafted
Word file that includes a malformed record value. An attacker who
successfully exploited this vulnerability could take control of an
affected system in the context of the current logged-on user. An attacker
could then install programs; view, change, or delete data; or create new
accounts with full user rights.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation\'s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT\'s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation\'s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author\'s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSUGukih9+71yA2DNAQJPsgP+NQgwu/xnJ+BxSIE7tpXgvjiBZkbnxljD
N6dCdC2Cp/rIsWjUpK4W+TKLu84VdDsk2GHHPe4V7PLNguHWSoQ83zG+bLVV9mQb
rHMb4z39ikAXry71LWU084S8gVjKayc6yjwHFOYMibC9tZJ/ilLrB32GuXi22rr0
vryMppkF8ZU=
=FQRg
-----END PGP SIGNATURE-----
|