WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec

Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability

Risk
High

Date Discovered
02-08-2005

Description
A remote buffer overflow vulnerability affects Microsoft Office XP. The problem presents itself when an unsuspecting user follows a malicious HTML link that points to a Office document. A boundary condition error is exposed during this operation that may allow attacker-specified data to corrupt process memory.

An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that follows a malicious embedded link.

Symantec Vulnerability Assessment
Symantec Vulnerability Assessment detects and reports this vulnerability. Click here for the advisory released February 10, 2005.

Platforms Affected
Microsoft Excel 2002 SP3
Microsoft FrontPage 2002 SP3
Microsoft Office XP
Microsoft Office XP SP2
Microsoft Outlook 2002 SP3
Microsoft PowerPoint 2002 SP3
Microsoft Publisher 2002 SP3
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 95
Microsoft Windows 95 SR2
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Terminal Server 4.0 alpha
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows XP Home
Microsoft Windows XP Home SP1
Microsoft Windows XP Professional
Microsoft Windows XP Professional SP1
Microsoft Word 2002 SP3

Components Affected
Microsoft Office XP SP3
Microsoft Office XP SP2
Microsoft Office XP SP1
Microsoft Office XP
Microsoft PowerPoint 2002 SP3
Microsoft PowerPoint 2002 SP2
Microsoft PowerPoint 2002 SP1
Microsoft PowerPoint 2002
Microsoft Project 2002 SP1
Microsoft Project 2002
Microsoft Visio 2002 SP2
Microsoft Visio 2002 SP1
Microsoft Visio 2002
Microsoft Visio 2002 Professional SP2
Microsoft Visio 2002 Standard SP2
Microsoft Word 2002 SP3
Microsoft Word 2002 SP2
Microsoft Word 2002 SP1
Microsoft Word 2002
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004

Recommendations
Do not accept or execute files from untrusted or unknown sources.
Refusing to open Office documents originating from potentially malicious sources will greatly reduce exposure to this issue.

Do not follow links provided by unknown or untrusted sources.
As exploitation of this issue requires an unsuspecting user to follow a malicious link, it is advised that users exercise extreme caution when following links provided by individuals or groups of questionable legitimacy.

Run all software as a non-privileged user with minimal access rights.
Non-administrative software should always be run as an unprivileged user with minimal access rights to reduce the impact of latent vulnerabilities.

Microsoft has released updates to address this issue.


Microsoft Office XP SP3:

Microsoft Patch Security Update for Office XP (KB873352)
http://www.microsoft.com/downloads/details.aspx?familyid=A0115BF8-5F80-43E9-BE28-24D344600D69&displaylang=en

Microsoft Office XP SP2:
Microsoft Patch Security Update for Office XP (KB873352)
http://www.microsoft.com/downloads/details.aspx?familyid=A0115BF8-5F80-43E9-BE28-24D344600D69&displaylang=en

Microsoft Office XP SP1:
Microsoft Office XP :
Microsoft PowerPoint 2002 SP3:
Microsoft PowerPoint 2002 SP2:
Microsoft PowerPoint 2002 SP1:
Microsoft PowerPoint 2002 :
Microsoft Project 2002 SP1:
Microsoft Patch Security Update for Project 2002 (KB873355)
http://download.microsoft.com/download/8/0/7/807ada7f-8f3f-4114-8dfd-935d55acf82c/project2002-KB873355-FullFile-ENU.EXE

Microsoft Project 2002 :
Microsoft Visio 2002 SP2:
Microsoft Patch Security Update for Visio 2002 (KB873354)
http://download.microsoft.com/download/f/3/9/f39b9399-4caf-4d78-8375-de0ea88e5166/Visio2002-KB873354-FullFile-ENU.EXE

Microsoft Visio 2002 SP1:
Microsoft Visio 2002 :
Microsoft Visio 2002 Professional SP2:
Microsoft Visio 2002 Standard SP2:
Microsoft Word 2002 SP3:
Microsoft Word 2002 SP2:
Microsoft Word 2002 SP1:
Microsoft Word 2002 :
Microsoft Works Suite 2002 :
Microsoft Patch Security Update for Office XP (KB873352)
http://www.microsoft.com/downloads/details.aspx?familyid=A0115BF8-5F80-43E9-BE28-24D344600D69&displaylang=en

Microsoft Works Suite 2003 :
Microsoft Patch Security Update for Office XP (KB873352)
http://www.microsoft.com/downloads/details.aspx?familyid=A0115BF8-5F80-43E9-BE28-24D344600D69&displaylang=en

Microsoft Works Suite 2004 :
Microsoft Patch Security Update for Office XP (KB873352)
http://www.microsoft.com/downloads/details.aspx?familyid=A0115BF8-5F80-43E9-BE28-24D344600D69&displaylang=en

References
Source: Microsoft Office Product Homepage
URL: http://www.microsoft.com/office/

Source: Microsoft Security Bulletin MS05-005
URL: http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx

Credits
Finjan is credited with the discovery of this issue.


Copyright © by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.