69085 : Microsoft Office RTF Parsing Stack Overflow
Printer | http://osvdb.org/69085 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
21	1160	about 1 year ago	10 months ago	30 times	100%

Timeline

Disclosure Date	Vendor Solution Date
2010-11-09	2010-11-09

Description

Microsoft Office contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to a boundary error when parsing a certain control word in RTF (Rich Text Format) formatted content can be exploited to cause a stack-based buffer overflow via a specially crafted file. It may allow execution of arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private, Exploit Commercial
Disclosure: Vendor Verified

Solution

Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Office	XP
		2007
		2003
		2010
		for Mac

References

Exploit Database: 17474
CVE ID: 2010-3333 (see also: NVD)
Microsoft Knowledge Base Article: 2289158 2289161 2289169 2289187 2423930 2454823
Secunia Advisory ID: 38521 42144
Metasploit ID: 69085
Related OSVDB ID: 69086 69087 69088 69089
News Article: http://blogs.technet.com/b/msrc/archive/2010/11/04/advance-notification-service-for-november-2010-bulletins.aspx
http://news.cnet.com/8301-27080_3-20021824-245.html
http://threatpost.com/en_us/blogs/critical-office-hole-patched-november-release-110910
http://threatpost.com/en_us/blogs/microsoft-patch-critical-office-flaw-110410
Mail List Post: http://seclists.org/fulldisclosure/2010/Nov/92
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/ms_office_rtf_pfragments_property
Other Advisory URL: http://www.virustotal.com/file-scan/report.html?id=308ab831d924e8d3cc4d7b470e149b1b907437da5ba9daa377474d8a2efa51bb-1292989644
http://www.virustotal.com/file-scan/report.html?id=68f10c2f8a484fcecdbbaa69cf01caf3d3bb725f66e7db00cd30c3d84a5c6af4-1295557632
http://www.virustotal.com/file-scan/report.html?id=68f10c2f8a484fcecdbbaa69cf01caf3d3bb725f66e7db00cd30c3d84a5c6af4-1295638847
http://www.virustotal.com/file-scan/report.html?id=ce9b3dd95dd9bb07505f8a2f3319887ff71fe66cf9eb1afa9b31b77c9904d122-1292644639
http://www.virustotal.com/file-scan/report.html?id=dc1e0b63020d586526320c0bc0f44862ba34f84fb4697e13037d3d4ff54718a1-1294403371
Vendor Specific Advisory URL: https://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx
Microsoft Security Bulletin: MS10-087

Tools & Filters

	50528

Credit

wushi - iDefense Labs VCP

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2010-11-10 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

2011/01/05 08:00:00 | More IT Grief: Office Exploit Broadly Released

from: RedmondMag.com

...flaw in Internet Information Services FTP 7.5. Microsoft released a patch for the Office RTF vulnerability, known as CVE-2010-3333, in November, and no widespread outbreaks of exploits have yet been reported. The public availability of an exploit lowers the...

2011/01/04 22:19:00 | Microsoft Office vulnerable to hackers

from: Federal Computer Week | FCW

...allowing remote execution of code on a victim computer. Microsoft released a patch for the vulnerability, known as CVE-2010-3333, in November, and no widespread outbreaks of exploits have yet been reported. The public availability of an exploit lowers the...

2011/01/04 13:42:00 | Microsoft .rtf file exploit is like being murdered by a chipmunk

from: ITWorld.com

...and you don't know about this, you should take a look. The bug could launch in an Outlook preview pane as well as in Word itself, but can be patched using the patch MS10-087. Next week, how water can kill you even when you're not drowning in it....

2010/11/09 21:50:12 | Highly Critical Vulnerability Headlines Light Patch Tuesday

from: Albequerque Express

...Microsoft Office, up to and including the new Office 2010. One vulnerability, an RTF stack buffer overflow issue known as CVE-2010-3333, stands out. A stack overflow in the RTF parser in these programs is hard to imagine in this day and age, but it just goes...

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.