OSVDB ID: 31886

Title: Microsoft RichEdit OLE Dialog RTF Memory Corruption Remote Code Execution

Info

Dates

Disclosure: Feb 13, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Feb 13, 2007

Description

A local memory corruption flaw exists in several Microsoft products. The RichEdit component fails to validate OLE objects contained in an RTF file, resulting in memory corruption. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Windows

2000 SP4
XP SP2
XP Professional x64

Windows Server

2003
2003 SP1
2003 for Itanium
2003 SP1 for Itanium
2003 x64 Edition

Office

2000 SP3
XP SP3
2003 SP2
2004 for Mac

Office Multilanguage Packs

2000

Project

2000 Service Release 1
2002 SP1

Visio

2002 SP2

Learning Essentials for Office

1.0
1.1
1.5

Global Input Method Editor for Office

2000

References

Credit

  • Kostya Kortchinsky - CERT
  • Fabrice Desclaux -


Direct URL: http://osvdb.org/31886