Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability

Bugtraq ID:	22847
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1347
Remote:	Yes
Local:	No
Published:	Mar 06 2007 12:00AM
Updated:	May 12 2015 07:33PM
Credit:	Discovery of this issue is credited to Marsu.
Vulnerable:	Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP2 Microsoft Windows 2000 Terminal Services SP4 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Advanced Server SP4
Not Vulnerable:

Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability

The Microsoft 'ole32.dll' library is prone to a denial-of-service vulnerability. The issue occurs when the library handles document ('.doc') files containing large size values. It is conjectured that the execution of arbitrary code may be possible.

Software that is linked to the ole32.dll versions that reside on Microsoft Windows 2000 SP4 FR and XP SP2 FR platforms are vulnerable; other versions might alsso be affected.

Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability

The following example exploit tested on Windows 2000 SP4 FR and XP SP2 FR is available:

• /data/vulnerabilities/exploits/22847.tar

Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability

References:

• Microsoft Windows Homepage (Microsoft)
  
• US-CERT Vulnerability Note VU#194944 (US-CERT)