Microsoft Office Filters Multiple Vulnerabilities( 13 August 2008 )
RISK: Medium Risk
1. Microsoft Malformed EPS Filter Vulnerability
A remote code execution vulnerability exists in the way that a Microsoft Office filter handles a malformed graphics image. An attacker could exploit the vulnerability by constructing a specially crafted Encapsulated PostScript (EPS) file that could allow remote code execution if a user opened the file with a Microsoft Office application. Such a specially crafted file might be included as an e-mail attachment, or hosted on a malicious or compromised Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
2. Microsoft Malformed PICT Filter Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office handles a PICT-format image file. The vulnerability could be exploited when a Microsoft Office application opens a specially crafted PICT-format image file. Such a specially crafted file might be included as an e-mail attachment, or hosted on a malicious or compromised Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
3. Microsoft PICT Filter Parsing Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office handles a PICT-format image file. The vulnerability could be exploited when either a Microsoft Office application opens a specially crafted PICT-format image file. Such a specially crafted file might be included as an e-mail attachment, or hosted on a malicious or compromised Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
4. Microsoft Malformed BMP Filter Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office handles a BMP format image file. The vulnerability could be exploited when a Microsoft Office application opens a specially crafted BMP-format image file. Such a specially crafted file might be included as an e-mail attachment, or hosted on a malicious or compromised Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
5. Microsoft Office WPG Image File Heap Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office handles a WordPerfect Graphics (WPG) format image file. The vulnerability could be exploited when Microsoft Office opens a specially crafted WPG-format image file or a WordPerfect document file with a malformed WPG image embedded. Such a specially crafted file might be included as an e-mail attachment, or hosted on a malicious or compromised Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office 2000 Service Pack 3
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 2
- Microsoft Office Project 2002 Service Pack 1
- Microsoft Office Converter Pack
- Microsoft Works 8
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office 2000 Service Pack 3
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 2
- Microsoft Office Project 2002 Service Pack 1
- Microsoft Office Converter Pack
- Microsoft Works 8
Vulnerability Identifier
Source
Related Link
Share with