Content
(MS06-062) Microsoft Office Improper Memory Access Vulnerability (922581)
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website or e-mail with malicious content
- Rating
- Medium
- CVE reference
- CVE-2006-3434,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP SP0 - SP2,
- Windows 2003 SP0 - SP1,
- Windows 2000 SP4,
- Office 2000 SP3,
- Microsoft OfficeXP SP3,
- Office 2003 SP1-SP2,
- Office for Mac X,
- Office for Mac 2004,
- Microsoft Visio 2002 SP2,
- Microsoft Project 2000 SR1,
- Microsoft Project 2002 SP2,
- Summary
- A vulnerability is present in Microsoft Office that may allow for arbitrary code execution. This issue may be exploited when visiting a malicious website or opening a specially-crafted email attachment.
Tab Navigation
Description
Microsoft Office is an industry-standard office productivity suite. A vulnerability in Microsoft Office exists that may allow for arbitrary code execution. The flaw involves processing of Office documents with malformed strings. Code execution is at the rights level of the victim's user account rights level. Successful exploitation can be accomplished by coercing a victim to a website hosting the malicious document and having them download and open it. Alternately, the malicious document would need to be opened from an email attachment.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(922581): http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-062) Microsoft Office Improper Memory Access Vulnerability (922581)
- Signature identifier:
- 4659
- Release date:
- 10/10/2006
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- PowerPoint_Malformed_Record_Vulnerability
- Signature identifier:
- 0x4022BD00
- Release date:
- 10/10/2006
- First released in:
- sigset 3.1.23
McAfee Host IPS
Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge
- Signature:
- Generic Buffer Overflow protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
VSE8.0i and MVS protect against many buffer overflow exploits. McAfee Avert Labs will update DAT coverage for this vulnerability as new threats emerge.
- Signature:
- Buffer Overflow Protection
- Release date:
- 8/30/2004
- First released in:
- build 131
Additional Resources
Microsoft Security Bulletin: Vulnerabilities in Microsoft Office Could Lead to Remote Code Execution (922581)
http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
Vulnerability Summary CVE-2006-3434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3434
Critical Vulnerability Affecting Microsoft Office
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-27.html
All Information
Timeline -
10/10/2006
Vendor has provided a patch.
10/10/2006
Vulnerability information has been publicly disclosed.
10/10/2006
Vulnerability information has been publicly disclosed.
Description -
Microsoft Office is an industry-standard office productivity suite. A vulnerability in Microsoft Office exists that may allow for arbitrary code execution. The flaw involves processing of Office documents with malformed strings. Code execution is at the rights level of the victim's user account rights level. Successful exploitation can be accomplished by coercing a victim to a website hosting the malicious document and having them download and open it. Alternately, the malicious document would need to be opened from an email attachment.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(922581): http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-062) Microsoft Office Improper Memory Access Vulnerability (922581)
- Signature identifier:
- 4659
- Release date:
- 10/10/2006
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- PowerPoint_Malformed_Record_Vulnerability
- Signature identifier:
- 0x4022BD00
- Release date:
- 10/10/2006
- First released in:
- sigset 3.1.23
McAfee Host IPS
Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge
- Signature:
- Generic Buffer Overflow protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
VSE8.0i and MVS protect against many buffer overflow exploits. McAfee Avert Labs will update DAT coverage for this vulnerability as new threats emerge.
- Signature:
- Buffer Overflow Protection
- Release date:
- 8/30/2004
- First released in:
- build 131
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerabilities in Microsoft Office Could Lead to Remote Code Execution (922581)
http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx
Vulnerability Summary CVE-2006-3434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3434
Critical Vulnerability Affecting Microsoft Office
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-27.html
