Info

Disclosure

Oct 10, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 10, 2006

Description

A remote overflow exists in Microsoft Office. Office fails to properly handle a boundary error resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Excel Viewer	2003
	InfoPath	2003
	Office	XP
		2000
		2003 Professional Edition
		2003 Small Business Edition
		2003 Standard Edition
		2003 Student and Teacher Edition
		2004 for Mac
		X for Mac
	OneNote	2003
	Word Viewer	2003
	Access	2000
		2002
		2003
	Excel	2000
		2002
		2003
	FrontPage	2000
		2002
		2003
	Outlook	2000
		2002
		2003
	PowerPoint	2000
		2002
		2003
	Project	2000
		2002
		2003
	Publisher	2000
		2002
		2003
	Visio	2002
	Visio	2003
	Word	2000
		2002
		2003

References

Security Tracker: 1017034
CVE ID: 2006-3868 (see also: NVD)
Secunia Advisory ID: 22339
SCIP VulDB ID: 2597
ISS X-Force ID: 29216
Related OSVDB ID: 29427 29428 29429
CERT VU: 807780
Microsoft Knowledge Base Article: 922581
Microsoft Security Bulletin: MS06-062

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/29430

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Excel Viewer

InfoPath

Office

OneNote

Word Viewer

Access

Excel

FrontPage

Outlook

PowerPoint

Project

Publisher

Visio

Word

References

Credit