Microsoft Word / Excel / PowerPoint 2000 Object Tag Buffer Overflow Vulnerability
BID:1561
Info
| Bugtraq ID: | 1561 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 09 2000 12:00AM |
| Updated: | Aug 09 2000 12:00AM |
| Credit: | Discovered by Jesper M. Johansson <[email protected]> and publicized in a Microsoft Security Bulletin (MS00-056) on August 9, 2000. |
| Vulnerable: | Microsoft Word 2000, Microsoft PowerPoint 2000, Microsoft Excel 2000 |
| Not Vulnerable: | Microsoft Access 2000 |
Discussion
The HTML interpreter in Microsoft Word, Excel, and PowerPoint 2000 does not properly check bounds in the Object tag when handling HTML files saved as Office documents. Therefore, it is possible to crash the application or execute arbitrary code on the system, depending on the data used in conjunction with the Object tag.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Microsoft has released the following patches, which eliminate the vulnerability. Word 2000 users can further protect themselves by enabling the "Confirm conversion at Open" option located in the Tools-Options-General tab. This would force all HTML formatted documents to be converted to plain text upon opening.
Microsoft Excel 2000
- Microsoft Of9data
  Office 2000 SR-1 is required before this patch can be applied.
  http://download.microsoft.com/download/office2000prem/of9data/2000/WIN 98/EN-US/Of9data.exe
Microsoft Word 2000
- Microsoft Of9data
  Office 2000 SR-1 is required before this patch can be applied.
  http://download.microsoft.com/download/office2000prem/of9data/2000/WIN 98/EN-US/Of9data.exe
Microsoft PowerPoint 2000
- Microsoft Of9data
  Office 2000 SR-1 is required before this patch can be applied.
  http://download.microsoft.com/download/office2000prem/of9data/2000/WIN 98/EN-US/Of9data.exe