SANS ISC: Microsoft Security Bulletin MS06-038 - SANS Internet Storm Center


Microsoft Security Bulletin MS06-038

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)


Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately

Security Update Replacement: None

This Security Bulletin covers multiple CVE items, as indicated below:

CVE-2006-1316 - Microsoft Office Parsing Vulnerability
CVE-2006-1540 - Microsoft Office Malformed String Parsing Vulnerability
CVE-2006-2389 - Microsoft Office Property Vulnerability

Software Affected:

It appears that all of the Microsoft Office 2000, 2002 and 2003 programs are affected. The Works applications are not affected.

Summary

This is another remote code execution problem, and it appears to impact the Office 2000 applications the most, which is what earns it the Critical rating. The other versions of Office identified as vulnerable are rated Important for all three of the CVEs.

From the Microsoft Bulletin:

A remote code execution vulnerability exists in Office, and could be exploited when a malformed string included in an Office file was parsed by any of the affected Office applications.  Such a string might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site.  Viewing or previewing a malformed email message in an affected version of Outlook could not lead to exploitation of this vulnerability.  An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution.

In all three cases the only tested workaround is NOT to open attachments from untrusted sources. I guess that means to apply the patch ASAP.

Deborah

ISC Handler
