Date: 13 August 2008
References: ESB-2008.0813
===========================================================================
A U S C E R T A L E R T
AL-2008.0087 -- AUSCERT ALERT
[Win]
MS08-044 - Vulnerabilities in Microsoft Office Filters Could
Allow Remote Code Execution
13 August 2008
===========================================================================
AusCERT Alert Summary
---------------------
Product:              Microsoft Office 2003 Service Pack 2
                      Microsoft Office XP Service Pack 3
                      Microsoft Office 2000 Service Pack 3
                      Microsoft Office Project 2002 Service Pack 1
                      Microsoft Office Converter Pack
                      Microsoft Works 8
Publisher:            Microsoft
Operating System:     Windows
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-3460 CVE-2008-3021 CVE-2008-3020
                      CVE-2008-3019 CVE-2008-3018
Original Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms08-044.mspx
- --------------------------BEGIN INCLUDED TEXT--------------------
Microsoft Security Bulletin MS08-044 - Critical

Vulnerabilities in Microsoft Office Filters Could Allow Remote Code
Execution (924090)

Published: August 12, 2008
Version: 1.0

General Information

Executive Summary

This security update resolves five privately reported vulnerabilities.
These vulnerabilities could allow remote code execution if a user
viewed a specially crafted image file using Microsoft Office. Users
whose accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative user
rights.

This security update is rated Critical for supported editions of
Microsoft Office 2000, and Important for supported editions of
Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft
Project 2002 Service Pack 1, Microsoft Office Converter Pack, and
Microsoft Works 8. For more information, see the subsection, Affected
Software, in this section.

Recommendation. Microsoft recommends that customers apply the update
immediately.

Affected Software

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office Project 2002 Service Pack 1
Microsoft Office Converter Pack
Microsoft Works 8

Vulnerability Information

Microsoft Malformed EPS Filter Vulnerability - CVE-2008-3019

A remote code execution vulnerability exists in the way that a
Microsoft Office filter handles a malformed graphics image. An
attacker could exploit the vulnerability by constructing a specially
crafted Encapsulated PostScript (EPS) file that could allow remote
code execution if a user opened the file with a Microsoft Office
application. Such a specially crafted file might be included as an
e-mail attachment, or hosted on a malicious or compromised Web site.
An attacker who successfully exploited this vulnerability could take
complete control of an affected system. However, significant user
interaction is required to exploit this vulnerability.

Workarounds for Microsoft Malformed EPS Filter Vulnerability - CVE-2008-3019

Modify the Access Control List to deny access to EPSIMP32.FLT for all users

Microsoft Malformed PICT Filter Vulnerability - CVE-2008-3018

A remote code execution vulnerability exists in the way that Microsoft
Office handles a PICT-format image file. The vulnerability could be
exploited when a Microsoft Office application opens a specially
crafted PICT-format image file. Such a specially crafted file might be
included as an e-mail attachment, or hosted on a malicious or
compromised Web site. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
However, significant user interaction is required to exploit this
vulnerability.

Workarounds for Microsoft Malformed PICT Filter Vulnerability - CVE-2008-3018

Modify the Access Control List to deny access to PICTIM32.FLT for all users

Microsoft PICT Filter Parsing Vulnerability - CVE-2008-3021

A remote code execution vulnerability exists in the way that Microsoft
Office handles a PICT-format image file. The vulnerability could be
exploited when a Microsoft Office application opens a specially
crafted PICT-format image file. Such a specially crafted file might be
included as an e-mail attachment, or hosted on a malicious or
compromised Web site. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
However, significant user interaction is required to exploit this
vulnerability.

Workarounds for Microsoft PICT Filter Parsing Vulnerability - CVE-2008-3021

Modify the Access Control List to deny access to PICTIM32.FLT for all users

Microsoft Malformed BMP Filter Vulnerability - CVE-2008-3020

A remote code execution vulnerability exists in the way that Microsoft
Office handles a BMP-format image file. The vulnerability could be
exploited when a Microsoft Office application opens a specially
crafted BMP-format image file. Such a specially crafted file might be
included as an e-mail attachment, or hosted on a malicious or
compromised Web site. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
However, significant user interaction is required to exploit this
vulnerability.

Workarounds for Microsoft Malformed BMP Filter Vulnerability - CVE-2008-3020

Modify the Access Control List to deny access to BMP32.FLT for all users

Microsoft Office WPG Image File Heap Corruption Vulnerability - CVE-2008-3460

A remote code execution vulnerability exists in the way that Microsoft
Office handles a WordPerfect Graphics (WPG) format image file. The
vulnerability could be exploited when Microsoft Office opens a
specially crafted WPG-format image file or a WordPerfect document file
with a malformed WPG image embedded. Such a specially crafted file
might be included as an e-mail attachment, or hosted on a malicious or
compromised Web site. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
However, significant user interaction is required to exploit this
vulnerability.

Workarounds for Microsoft Office WPG Image File Heap Corruption
Vulnerability - CVE-2008-3460

Modify the Access Control List to deny access to WPGIMP32.FLT for all users

- --------------------------END INCLUDED TEXT--------------------
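
The workarounds in the included bulletin all take the same form: a deny entry on one filter file. The PowerShell script below is an added example, not part of the Microsoft bulletin or the AusCERT alert; it searches for the four filter files named in the bulletin, reports whether a deny entry for Everyone already covers each one, and adds the entry only when run with -Apply. The search roots, the backup file path and the mapping of "all users" to the Everyone SID (S-1-1-0) are assumptions, and the script needs PowerShell 3.0 or later.

```powershell
# Added example: audit, and with -Apply enforce, the deny-ACL workaround.
# Filter names are from the bulletin. Search roots, the backup path and the
# use of Everyone (S-1-1-0) for "all users" are assumptions. Run elevated.
param(
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
    [string]$BackupFile = "$env:TEMP\flt-acl-backup.csv",
    [switch]$Apply
)

$filters  = 'EPSIMP32.FLT', 'PICTIM32.FLT', 'BMP32.FLT', 'WPGIMP32.FLT'
$sidType  = [System.Security.Principal.SecurityIdentifier]
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$denyRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $everyone, 'FullControl', 'Deny'
# A deny entry only stops the filter from loading if it covers read/execute.
$needed   = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

$roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique)
if (-not $roots) { Write-Warning 'No search root exists.'; return }

Get-ChildItem -Path $roots -Include $filters -Recurse -ErrorAction SilentlyContinue |
ForEach-Object {
    $file = $_
    $acl  = Get-Acl -LiteralPath $file.FullName
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $hits = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.FileSystemRights -band $needed) -eq $needed)
    })
    $denied = $hits.Count -gt 0

    if ($Apply -and -not $denied) {
        # Keep the original descriptor so the change can be reverted after patching.
        [pscustomobject]@{ Path = $file.FullName; Sddl = $acl.Sddl } |
            Export-Csv -Path $BackupFile -Append -NoTypeInformation
        $acl.AddAccessRule($denyRule)
        Set-Acl -LiteralPath $file.FullName -AclObject $acl
        $denied = $true
    }
    [pscustomobject]@{ Filter = $file.Name; Path = $file.FullName; EveryoneDenied = $denied }
}
```

While the deny entry is in place, Office cannot load the affected filter, so images in that format will not import; the saved SDDL lets the original ACL be restored once the MS08-044 update is installed.
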
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================