Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft Office Web Components URL Parsing Vulnerability
Date Discovered: 03/11/2008
Severity: High
Applications Affected: Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Visual Studio .NET 2002 SP1
Microsoft Visual Studio .NET 2003 SP1
Microsoft BizTalk Server 2000
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2000
Synopsis
This vulnerability exists in the way Microsoft Office Web Components manages memory resources when parsing specially crafted URLs. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-017.mspx
Threat Analysis
Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web.

An error in parsing a specially crafted execution command may corrupt system memory in such a way that an attacker could execute arbitrary code.

An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs, view, change, delete data, or create new accounts with full user rights.
References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4695

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map