New MS Office Zero-Days
Tuesday April 10, 2007 at 11:26 am CST
Posted by Karthik Raman
Last week was spent combating a slew of exploits for the vulnerabilities patched by Microsoft on April 3.
Yesterday saw the release of several Microsoft Office zero-day exploits in security forums. Some of these flaws may allow for remote code execution. McAfee Avert Labs is investigating all these zero-days. Today is Patch Tuesday for April. So, yes: this is yet another time that zero-day flaws have been published around a Patch Tuesday, possibly to maximize the public’s exposure to these flaws until the next month’s Patch Tuesday.
Update, 2pm PST
Further research by Avert Labs indicates that all but one of the Office zero-days reported yesterday result in denial of service. There is one heap-overflow flaw that might be exploited for code execution. We’ll keep you updated.
Update, 5pm PST
Avert Labs has been analyzing proof-of-concept code for a zero-day vulnerability in Microsoft Windows’s handling of HLP files. This is another heap-overflow flaw that might be exploited for code execution. Stay tuned.
Update, April 17
Microsoft has ruled out the possibility of code execution in the zero-day vulnerabilities in Word 2007 released last week.

April 11th, 2007 at 14:59
[...] Yet again we see it happening… Patch Tuesday rolls around and suddenly we’re hit by more “0-days” for Microsoft products. This time it’s primarily Office, but a heap-overflow in .HLP files was also released. McAfee AVERT Labs have been doing some research into the vulnerabilities, however they haven’t had much to say yet. Initially they only addressed the Office flaws but came back later to include the .HLP heap-overflow. These 4 PoCs (2 DoS and 2 overflows) were released to the Full Disclosure mailing list by muts (of BackTrack fame). This was also discussed over at heise Security. They have mentioned that there’s no proof yet that these are new vulnerabilities, they may actually be related to the vulnerabilities announced by eEye. [...]
April 12th, 2007 at 00:44
[...] While Microsoft was releasing its new security bulletins, exploits for new Office zero-day flaws appeared on some forums. According to this post from McAfee Avert Labs, at least one of the vulnerabilities can potentially be used to execute code remotely. Typically, crackers manage to exploit this type of bug by creating documents that, once opened, crash the application and execute malicious code with the same privileges as the local user. News.com says that Microsoft is currently investigating the problem and that, at the moment, it is not aware of any attack leveraging these weaknesses. [...]
April 12th, 2007 at 06:04
[...] All this while news is already appearing online about new bugs with exploits found in Office (including Office 2007). Microsoft, however, promptly denies it: the experts have investigated, and nothing new has turned up, neither for the older versions of Office nor for the new Office 2007 suite. So, false alarm? [...]
April 15th, 2007 at 09:11
[...] Now, back to the Word 2007 DoS 0day claims. The so-called MS security-guru David LeBlanc touts these claims as “security features”. Word crashed due to a protection mechanism that causes a crash instead of allowing for a possible exploit. Nobody is going to argue that a crash is much preferred over an exploit, but people, such as myself and ComputerWorld’s Frank Hayes, will argue that DoS should be classified as a security concern. [...]
June 5th, 2007 at 23:59
[...] Before the patches for the five critical vulnerabilities released yesterday have even cooled, news of new zero-day vulnerabilities is arriving. According to a report on the McAfee Avert Labs blog, some attack code exploiting certain weaknesses in Office has been published. Windows is also under threat from this code. [...]
December 3rd, 2007 at 20:34
[...] According to the McAfee Avert Labs blog, experts have discovered three new flaws in Microsoft Office. According to the blog, two of the three vulnerabilities can be exploited through denial-of-service attacks, causing the affected program to crash. [...]