[PCWorks] Microsoft Office Two Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Wed, 13 Apr 2011 07:41:33 -0500

TITLE:
Microsoft Office Two Vulnerabilities

SECUNIA ADVISORY ID:
http://secunia.com/advisories/44015/

Criticality level: Highly critical
Impact:  System access
Where:  From remote

Software:
 Microsoft Office 2003 Professional Edition
 Microsoft Office 2003 Small Business Edition
 Microsoft Office 2003 Standard Edition
 Microsoft Office 2003 Student and Teacher Edition
 Microsoft Office 2004 for Mac
 Microsoft Office 2007
 Microsoft Office 2008 for Mac
 Microsoft Office XP
 Microsoft Open XML File Format Converter for Mac

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Office, 
which can
be exploited by malicious people to compromise a user's system.

1) Office applications load certain libraries in an insecure 
manner,
which can be exploited to load arbitrary libraries by tricking 
a user
into e.g. opening a Word document located on a remote WebDAV or 
SMB
share.

2) An error when handling dereferencing data structures during
parsing of graphic objects in Office files can be exploited via 
e.g.
a specially crafted Excel file.

Successful exploitation of the vulnerabilities allows execution 
of
arbitrary code.

SOLUTION:
Apply patches.

ORIGINAL ADVISORY:
MS11-023 (KB2509461, KB2509503, KB2509488, KB2505924, 
KB2505927,
KB2505935):
http://www.microsoft.com/technet/security/Bulletin/MS11-023.mspx


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Microsoft Office, Two Vulnerabilities
• » [PCWorks] Microsoft Office Two Vulnerabilities - Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 04-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---