CONTACT US | SITEMAP
 
 
Search:
 
Home > Services > Advisories > MyCERT Advisories > 2008

MA-128.052008 : MyCERT Special Alert - Vulnerabilities in Microsoft Products

Original Issue Date: 16th May 2008

Microsoft has released notification regarding latest vulnerabilities in its products. There are three vulnerabilities that have been categorized as critical and users are advised to take high precautions and execute remedial action to avoid their machines from being compromised.

Three Microsoft products that are experiencing the vulnerabilities are as below:

  • Microsoft Word
  • Microsoft Publisher
  • Microsoft Jet 4.0 Database Engine

The details of the vulnerabilities have been summarized in the tables as below. Be very aware that there is exploit available for the vulnerability of Microsoft Jet 4.0 Database Engine and users are advised to undertake a prompt action to fix the vulnerabilities

Produced in 16th May 2008 by MyCERT, CyberSecurity Malaysia, an agency under the Ministry of Science, Technology and Innovation (MOSTI).

MyCERT can be reached for assistance at:
Tel: 03-89961901
Fax: 03-89960827
Email: mycert [at] mycert.org.my
Web: http://www.mycert.org.my/report_incidents/online_form.html
Hp: 019-2665850
SMS: 019-2813801
Feedback can be directed to MyCERT.

Revision History:

Initial Release: 16th May 2008

 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
CVE / Microsoft
Security Bulletin		CVE-2008-1091 / MS08-026
System Affected
  • Microsoft Word 2000 Service Pack 3
  • Microsoft Word 2002 Service Pack 3
  • Microsoft Word 2003 Service Pack 2
  • Microsoft Word 2003 Service Pack 3
  • Microsoft Word 2007
  • Microsoft Outlook 2007
  • Microsoft Word 2007 Service Pack 1
  • Microsoft Outlook 2007 Service Pack 1
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Microsoft Word Viewer 2003
  • Microsoft Word Viewer 2003 Service Pack 3
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Method of infectionUser initiated, by opening specially crafted Microsoft Word file. Attacker then could get access of complete control on the machine
Impact

Attacker could execute exploit remotely by manipulating memory corruption vulnerability in Microsoft Word.

This is due to software code used to parse objects in .rtf file failed to calculate the correct amount of memory to be allocated for the execution.

Outlook 2007 is affected as it uses Word engine to preview email.

ExploitN/A
Fixes

Available (http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx)

Should the machine is not able to run Microsoft fix yet, run all software as a nonprivileged user with minimal access rights.


 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
CVE / Microsoft
Security Bulletin		CVE-2008-0119 / MS08-027
System Affected
  • Microsoft Publisher 2000 Service Pack 3
  • Microsoft Publisher 2002 Service Pack 3
  • Microsoft Publisher 2003 Service Pack 2
  • Microsoft Publisher 2003 Service Pack 3
  • Microsoft Publisher 2007
  • Microsoft Publisher 2007 Service Pack 1
Method of infectionUser initiated, by opening specially crafted Microsoft Publisher file. Attacker then could get access of complete control on the machine
Impact

Attacker could execute exploit remotely by manipulating buffer overflow vulnerability in Microsoft Publisher.

Publisher Object Handler has vulnerability in processing .pub file in validating the size of data within the header.

ExploitN/A
Fixes

Available (http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx)

Should the machine is not able to run Microsoft fix yet, run all software as a nonprivileged user with minimal access rights.


 Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
CVE / Microsoft
Security Bulletin		CVE-2007-6026 / MS08-028
System Affected
  • Microsoft Jet 4.0 Database Engine on Microsoft Windows 2000 Service Pack 4
  • Microsoft Jet 4.0 Database Engine on Windows XP Service Pack 2
  • Microsoft Jet 4.0 Database Engine on Windows XP Professional x64 Edition
  • Microsoft Jet 4.0 Database Engine on Windows Server 2003 Service Pack 1
  • Microsoft Jet 4.0 Database Engine on Windows Server 2003 x64 Edition
  • Microsoft Jet 4.0 Database Engine on Windows Server 2003 with SP1 for Itanium-based Systems
Method of infectionUser initiated, by opening a website/email with html that has embedded reference to MDB file will allow the vulnerability to be executed via browser or Outlook.
MDB file is also able to be embedded into Word file.
Impact

Attacker could execute exploit remotely by manipulating stack based buffer overflow vulnerability in Microsoft Jet Database Engine

The exploit is executed when Jet Database is parsing a malformed Microsoft Access Database (MDB) file.

ExploitAVAILABLE
Fixes

Available (http://www.microsoft.com/technet/security/Bulletin/ms08-028.mspx)

Should the machine is not able to run Microsoft fix yet, run all software as a nonprivileged user with minimal access rights.

   

Disclaimer | Copyright © 2009 - CyberSecurity Malaysia