SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#194944

Microsoft Windows fails to properly handle malformed OLE documents

Overview

A vulnerability exists in a Microsoft Windows library that is used to handle OLE documents. The complete impact of this vulnerability is not clear, but may include the execution of arbitrary code as well as a denial of service.

I. Description

Microsoft OLE documents include summary information about the document, such as the line count. A memory corruption vulnerability exists in a library (ole32.dll) used by Windows to parse OLE document summary information. Note that Microsoft Windows can parse OLE document summary information without having Microsoft Office installed.

Public exploit code targeting Microsoft Windows Explorer is available for this vulnerability. The public exploit code uses specially crafted Office document to trigger the vulnerability in Microsoft Windows Explorer. However, any application that links to ole32.dll may also be affected.

II. Impact

The complete impact of this vulnerability is not known. Memory corruption does occur, but it is not clear if this can be leveraged to execute arbitrary code. At a minimum, this vulnerability will cause a denial of service.

III. Solution

We are currently unaware of a practical solution to this problem. Until a solution is available, the following workarounds may reduce the chances of exploitation:


Do not access untrusted Office documents

This vulnerability can be triggered by accessing a specially crafted Office document, or by accessing the folder containing that document. Do not access unfamiliar or unexpected Office documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010 for more information.

Do not rely on file name extension filtering

In most cases, Windows will call Office to open a document even if the document has an unknown file extension. For example, if document.qwer contains the correct file header information, Windows will open document.qwer with the appropriate Office application. Filtering for common extensions (e.g., .doc, .xls, and .ppt) will not detect all Office documents.

Systems Affected

VendorStatusDate Updated
Microsoft CorporationVulnerable7-Mar-2007

References


http://www.securityfocus.com/bid/22847

Credit

This vulnerability was publicly disclosed by Marsu.

This document was written by Jeff Gennari.

Other Information

Date Public03/07/2007
Date First Published03/07/2007 12:17:25 PM
Date Last Updated03/12/2007
CERT Advisory 
CVE Name 
US-CERT Technical Alerts 
Metric22.05
Document Revision20

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader