Yet another weak point in Microsoft Office
Attackers could use manipulated Word documents to exploit another security hole in Microsoft Office and inject malicious code onto local systems. Naveed Afzal, who discovered the hole, has published a document that exploits this weak point to crash the application.
The document triggers a buffer overflow in the function LsCreateLine in the function library mso.dll. Afzal explains that the buffer overflow can be triggered in a way that allows code from the document to be executed in the context of the logged-in user. According to the proof-of-concept code, Office 2000, XP, and 2003 are all affected. In contrast, the Word version in Office 97 did not crash when tested by heise Security, but merely jumped around from page to page in the document. It is not clear whether Microsoft will close this hole on its patch day tomorrow.
- MS Word Unchecked Boundary Condition Vulnerability - POC, Naveed Afzal's security advisory at Full Disclosure