Bugtraq mailing list archives

Microsoft Office Malformed Record Memory Corruption Vulnerability
From: Sowhat <smaillist () gmail com>
Date: Wed, 11 Oct 2006 12:02:09 +0800

Microsoft Office Malformed Record Memory Corruption Vulnerability

By Sowhat of Nevis Labs


Microsoft Inc.

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft PowerPoint 2000 SP3
Microsoft PowerPoint XP SP3
Microsoft PowerPoint 2003 SP1, SP2

Remote: YES
Exploitable: maybe ;)

CVE: CVE-2006-3864


This vulnerability allows remote attackers to execute arbitrary code in
the context of the logged-in user. An array boundary condition may be
violated by a malicious Microsoft Office (DOC/PPT/XLS) file in order to
redirect execution into attacker-supplied data. Exploitation requires
that the attacker coerce or persuade the victim to open a malicious
Microsoft Office file.


The specific flaw lies within the Office binary mso.dll.
Memory corruption occurs while a malformed Microsoft Office file is
being parsed.

Microsoft said "We have confirmed that the issue you reported to us is

Because there are too many boring MS Office vulnerabilities released this year,
I am too bored to write a technical advisory, and I believe that nobody
is interested in that.
So I am just posting this advisory for record purposes only ;) Sorry.


No POC will be supplied


Microsoft has released an update for Microsoft Office which is
set to address this issue. This can be downloaded from:


Vendor Response:

2006.07.14 Vendor notified via secure () microsoft com
2006.07.15 Vendor responded
2006.10.10 Vendor released MS06-062 patch
2006.10.10 Advisory released

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.


Greetings to Becky, TY


1. http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
2. http://secway.org/vuln.htm
3. http://secway.org/advisory/AD20061010.txt

"Life is like a bug, Do you know how to exploit it ?"
