|
Microsoft Office Drawing Object Code Execution Vulnerability
|
|
Secunia Advisory:
|
SA25178
|
|
|
Release Date:
|
2007-05-08
|
|
Last Update:
|
2008-03-27
|
|
Popularity:
|
12,557 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Expression Web 1.x
Microsoft Frontpage 2000
Microsoft Frontpage 2002
Microsoft Frontpage 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Publisher 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office XP
Microsoft Publisher 2000
Microsoft Publisher 2002
Microsoft Publisher 2003
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2007-1747
|
|
Description:
A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error in the parsing of drawing objects and can be exploited via a malicious Office file containing a specially crafted drawing object.
Successful exploitation allows execution of arbitrary code.
Solution:
Apply patches.
Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/de...=A693C271-4B94-4541-953A-0A2DB4587B23
Microsoft Office XP SP3:
http://www.microsoft.com/downloads/de...=CB291AD9-348A-4C28-BEC7-53D2F35D0B72
Microsoft Office 2003 SP2:
http://www.microsoft.com/downloads/de...=819857CC-3777-4E4A-9CC3-685FC079A254
Microsoft Office System 2007:
http://www.microsoft.com/downloads/de...=A3DC8E3F-90DD-4D0C-88B8-2EC88FF3A588
Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac
Provided and/or discovered by:
Reported by the vendor.
Changelog:
2007-05-09: Added link to US-CERT.
2008-03-27: Added "Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats" in list of affected software based on updated information from Microsoft.
Original Advisory:
MS07-025 (KB934873):
http://www.microsoft.com/technet/security/Bulletin/MS07-025.mspx
Other References:
US-CERT VU#853184:
http://www.kb.cert.org/vuls/id/853184
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
