
Microsoft Office Multiple Vulnerabilities

Last Update Date: 9 Sep 2015 15:41
Release Date: 9 Sep 2015

RISK: Medium Risk

TYPE: Clients - Productivity Products


1. A cross-site scripting (XSS) vulnerability, which could result in spoofing, exists when SharePoint fails to properly sanitize user-supplied web requests. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.

To exploit this vulnerability, an attacker must have the ability to submit specially crafted content to a target site. Because of the vulnerability, in specific situations specially crafted script is not properly sanitized, which could subsequently lead to attacker-supplied script being run in the security context of a user who views the malicious content. For cross-site scripting attacks, this vulnerability requires that a user visit a compromised site for any malicious action to occur. For instance, after an attacker has successfully submitted a specially crafted web request to a target site, any webpage on that site that contains the specially crafted content is a potential vector for cross-site scripting attacks. When a user visits a webpage that contains the specially crafted content, the script could be run in the security context of the user.

The security update addresses the vulnerability by modifying how SharePoint validates web requests.

Microsoft received information about the vulnerabilities through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that these vulnerabilities had been publicly used to attack customers.

 

2. A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker could exploit the vulnerability by constructing a specially crafted EPS file that could allow remote code execution. An attacker who successfully exploited this vulnerability could take control of the affected system.

This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker could host a specially crafted website containing an Office file that is designed to exploit the vulnerability, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.

If Microsoft Word is the selected email reader, which is the default setting, then an attacker could leverage Outlook for an email-based attack by sending a specially crafted file, containing an EPS image binary, to the targeted user. In this scenario, the attack vector requires minimal user action (such as viewing a specially crafted email through the preview pane in Outlook) to be exploited.

Workstations and terminal servers that have Microsoft Office installed are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.

Microsoft received information about the vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had received reports of limited targeted attacks using this vulnerability.
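
For triage of Office attachments on a mail gateway or during incident response, the following added example (not part of the original advisory and not Microsoft code) flags files that carry an EPS image, the file type this vulnerability is delivered through. It assumes OOXML (ZIP-based) containers, falls back to a raw signature search for other formats, and uses a constructed sample and hypothetical function names.

```python
import io
import zipfile

# EPS signatures: the ASCII PostScript header and the DOS EPS binary header.
EPS_MAGICS = (b"%!PS-Adobe", b"\xc5\xd0\xd3\xc6")


def find_eps_parts(data: bytes) -> list[str]:
    """Return names of container parts that look like EPS images.

    OOXML files (.docx/.xlsx/.pptx) are ZIP archives; each part is checked
    by extension and by leading magic bytes, so a renamed EPS is still found.
    Non-ZIP input (e.g. legacy .doc) falls back to a raw signature search.
    """
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as part:
                    head = part.read(32)  # only the header is needed
                by_name = info.filename.lower().endswith((".eps", ".ps"))
                if by_name or head.startswith(EPS_MAGICS):
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        # Only the ASCII marker is searched here: the 4-byte binary magic
        # would match by chance too often in arbitrary data.
        if EPS_MAGICS[0] in data:
            hits.append("<raw>")
    return hits


def _sample_docx(with_eps: bool) -> bytes:
    """Constructed sample: a ZIP shaped like a .docx (not a valid document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
        if with_eps:
            # EPS stored under a misleading extension exercises the magic check.
            zf.writestr("word/media/image2.png", b"%!PS-Adobe-3.0 EPSF-3.0\n")
            zf.writestr("word/media/image3.eps", b"\xc5\xd0\xd3\xc6" + b"\x00" * 28)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_eps_parts(_sample_docx(True)))
```

A hit means only that the file contains an EPS image, not that the image is malformed; treat it as a signal to quarantine or inspect the attachment.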


Impact

  • Remote Code Execution

System / Technologies affected

  • Office 2007, 2010, 2013, 2013 RT
  • Mac 2011, Mac 2016

Solutions

Before installation of the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix

Vulnerability Identifier


Source


Related Link