Visual Basic for Applications Insecure Library Loading Vulnerability

ID: IRCAD2012072055
Release Date: 2012-07-10
Criticality level: Highly critical
Software:
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2010
Microsoft Visual Basic for Applications 6.x
Microsoft Visual Basic for Applications SDK 6.x
Description:
A vulnerability has been reported in Microsoft Visual Basic for Applications and Microsoft Office, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by the application loading libraries (e.g. imeshare.dll) in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening an Office file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is currently being actively exploited in limited, targeted attacks primarily focused on Japanese organizations.
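For detection, the following added example (not part of the original advisory) flags library loads by Office processes whose path resolves to a remote SMB or WebDAV location. The event field names `Image` and `ImageLoaded` are modelled on Sysmon image-load events, and the process list, host names and sample events are constructed assumptions.

```python
import ntpath
import re

# Office host processes to watch (assumed list; extend for your estate).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                 "msaccess.exe", "mspub.exe", "visio.exe"}

# \\server\share\... but not the local \\?\ or \\.\ device prefixes.
UNC_RE = re.compile(r"^\\\\(?![?.]\\)(?P<host>[^\\]+)\\(?P<share>[^\\]+)\\")


def classify_remote(path):
    """Return 'webdav', 'smb' or None for a loaded-library path."""
    m = UNC_RE.match(path)
    if not m:
        return None
    host, share = m.group("host").lower(), m.group("share").lower()
    # WebDAV redirector paths look like \\host@port\... or \\host\DavWWWRoot\...
    if "@" in host or share == "davwwwroot":
        return "webdav"
    return "smb"


def flag_remote_loads(events):
    """Return (process, dll, kind) for Office processes loading remote DLLs."""
    findings = []
    for ev in events:
        proc = ntpath.basename(ev["Image"]).lower()
        kind = classify_remote(ev["ImageLoaded"])
        if proc in OFFICE_IMAGES and kind:
            dll = ntpath.basename(ev["ImageLoaded"]).lower()
            findings.append((proc, dll, kind))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "ImageLoaded": r"C:\Windows\System32\imeshare.dll"},
    {"Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "ImageLoaded": r"\\fileserver.example\docs\imeshare.dll"},
    {"Image": r"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE",
     "ImageLoaded": r"\\dav.example@SSL\DavWWWRoot\share\imeshare.dll"},
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"\\fileserver.example\docs\other.dll"},
    {"Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "ImageLoaded": r"\\?\C:\Windows\System32\imeshare.dll"},
]
```

Paths on mapped drive letters are not recognised as remote by this check; resolving those requires the host's drive mappings.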
Solution:
Apply patches.
References:
MS12-046 (KB2707960, KB2598361, KB2596744, KB2598243, KB2553447, KB2688865):
Secunia:

Date created: 22 Tir 1391
