Microsoft fixes latest flawsDate: March 15, 2006
Source: Beta News
The patch dealing with the Office vulnerability contained fixes for five issues within Excel, including malformed range, file format parsing, description, graphic and record flaws. In each case, an attacker could take complete control of an affected system if the user was logged in as an administrator.
Microsoft also fixed a flaw that occurs when using a malformed routing slip within an Office document. Remote code execution as well as a complete system takeover would also be possible through this vulnerability.
In a twist from past Patch Tuesdays, this update additionally disclosed that users of Microsoft Office for Mac products were also at risk. All Windows Office versions from 2000 onward were vulnerable, Microsoft said.
Assistance in fixing the vulnerability came from a host of sources, including Symantec, FelicioX, NGS Software, TippingPoint and the Zero Day Initiative, the Fortinet Security Response Team, and the XFOCUS Security Team.
The Windows patch was for a vulnerability discovered by a pair of Princeton Researchers. In computers running either Windows Server 2003 without the service pack or Windows XP SP1, a privilege vulnerability flaw exists that would allow an attacker to easily find privilege escalation vulnerabilities in third-party applications.
Add comment Email to a Friend