Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
1) An error in the EPS (Encapsulated PostScript) filter when handling the length of EPS images can be exploited to corrupt memory via e.g. an Office document containing a specially crafted EPS file.
2) An error in the PICT filter when handling the length of PICT images can be exploited to corrupt memory via a specially crafted PICT image.
3) An error in the PICT filter when parsing the "bits_per_pixel" field in PICT images can be exploited to corrupt heap memory via a specially crafted PICT image.
4) An error in the "BMPIMP32.FLT" filter module when handling the length of BMP images can be exploited to corrupt memory via a specially crafted BMP image with a very large number of colors in the header.
5) An boundary error in the WPG (WordPerfect Graphics) filter module "WPGIMP32.FLT" when handling the length of WPG images can be exploited to cause a heap-based buffer overflow via a specially crafted WPG image or WordPerfect document.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Office Filters Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.