Microsoft Office 2003 and Office for Mac 2011 Document Handling Vulnerability

This comes straight from our partners over at WatchGuard Security Center blog and may affect you if you are using Office 2003 for Windows or Office for Mac 2011. We happen to concur with the author’s thoughts that this is probably much more severe than Microsoft’s own rating of “important”.

If you need assistance with this, or any other computer security issue in the Greenville, Spartanburg or Anderson SC area, please call us at 864-990-4748. We are ready to help you!

Office 2003 Document Handling Code Execution Vulnerability

by Corey Nachreiner

Severity: Medium

Summary:

  • These vulnerabilities affect: Office 2003 and Office for Mac 2011
  • How an attacker exploits them: By enticing you to open maliciously crafted Office documents
  • Impact: An attacker can execute code, potentially gaining complete control of your computer
  • What to do: Install the appropriate Office patches as soon as possible, or let Windows Update do it for you.

Exposure:

As part of part of Patch Day, Microsoft released a security bulletin describing a vulnerability in Office 2003 and Office for Mac 2011. Specifically, the Office components used to parse PNG image files suffer from a buffer overflow vulnerability involving the way they handle specially crafted images. By embedding a malicious PNG image into an Office document, and tricking one of your users into downloading and opening or previewing it, an attacker can exploit this vulnerability to execute code on that user’s computer, inheriting that user’s privileges. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

Though Microsoft only rates this security update as Important, since the attack requires user interaction to succeed, we believe it poses a significant risk because many normal users trust Microsoft Office documents. You should patch this flaw as soon as you can.

Solution Path

Microsoft has released an update for Office to fix this flaw. If you use Office 2003 or Office for Mac 2011 you should download, test, and deploy the update as soon as possible, or let Windows Update do it for you. See the “Affected and Non-Affected Software” section of Microsoft’s bulletin for more details on where to find the updates.

For All WatchGuard Users:

Though you can use WatchGuard’s XTM and XCS appliances to block certain files and content, such as Office documents, most organizations share these types of documents as part of normal business. Instead, we recommend you install Microsoft’s updates to completely protect yourself from this flaw.

Status:

Microsoft has released an Office update to fix this flaw.

References:

  • Microsoft Security Bulletin MS13-051

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Leave a Reply

Your email address will not be published. Required fields are marked *