‫ Microsoft Office Insecure Library Loading and Token Disclosure Two Vulnerabilities

IRCAD2014053319

Number: IRCAD2014053319

Date: 2014/05/13

Criticality level: highly critical

Software:

Microsoft Office 2007

Microsoft Office 2010

Microsoft Office 2013

Microsoft Office 2013 RT

Description

Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

1)The vulnerability is caused due to the Grammar Checker feature for Chinese (Simplified) loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an Office-related file (e.g. docx) located on a remote WebDAV or SMB share.

Successful exploitation of this vulnerability allows execution of arbitrary code, but requires the Grammar Checker for Chinese (Simplified) feature to be enabled.

2) An error when handling a certain response can be exploited to gain knowledge of access tokens used for authentication of the current user on a targeted Microsoft online service and subsequently e.g. impersonate the user via a replay attack.

Solution:

Apply updates.

Microsoft Office 2007

Microsoft Office 2007 Service Pack 3

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (32-bit editions)

Microsoft Office 2010 Service Pack 2 (32-bit editions)

Microsoft Office 2010 Service Pack 1 (64-bit editions)

Microsoft Office 2010 Service Pack 2 (64-bit editions)

Microsoft Office 2013 and Microsoft Office 2013 RT

Microsoft Office 2013 (32-bit editions)

Microsoft Office 2013 Service Pack 1 (32-bit editions)

Microsoft Office 2013 (32-bit editions)

Microsoft Office 2013 Service Pack 1 (32-bit editions)

Microsoft Office 2013 (64-bit editions)

Microsoft Office 2013 Service Pack 1 (64-bit editions)

Microsoft Office 2013 (64-bit editions)

Microsoft Office 2013 Service Pack 1 (64-bit editions)

Resources:

Microsoft (KB2961037, KB2767772, KB2878284, KB2880463, KB2878316, KB2880463):

secunia:
 
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 24 اردیبهشت 1393

امتیاز

امتیاز شما
تعداد امتیازها:0