In association with heise online

10 July 2006, 12:57

Yet another weak point in Microsoft Office

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Attackers could use manipulated Word documents to exploit another security leak in Microsoft's Office and inject malicious code onto local systems. Naveed Afzal, the discoverer of the hole, has published a document that exploits this weak point to cause the application to crash.

The document creates a buffer overflow in the function LsCreateLine within the function library mso.dll. Afzal explains that the buffer overflow can be caused in such a way that allows code from the document to be executed in the context of the user who is logged in. According to the proof-of-concept code, Office 2000, XP, and 2003 are all affected. In contrast, the Word version in Office 97 did not crash when tested by heise Security, but merely jumped around from page to page in the document. It is not clear whether Microsoft will close this hole on its patch day tomorrow.

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit