Tuesday, February 8, 2011

ZDI Public Disclosure: Microsoft


These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010.
  • ZDI-CAN-811 = Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
  • ZDI-CAN-829 = Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability
  • ZDI-CAN-904 = Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability
  • ZDI-CAN-798 = Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
  • ZDI-CAN-827 = Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability

ZDI Outlined Mitigations

1) Microsoft Office File Block Policy can be used to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations. This mitigation could be problematic in environments where 2003 binary files are still used.

2) Use Microsoft Office Isolated Conversion Environment (MOICE) when opening Excel and PowerPoint files in Office 2003 or 2007 - http://support.microsoft.com/kb/935865 & http://support.microsoft.com/kb/935865#FixItForMeAlways (Enable MOICE with Simple “Fix it”)

3) Use Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) with Microsoft Excel and Microsoft PowerPoint processes to force utilization of ASLR (only on Windows Vista or Windows 7) and DEP mitigations which could prevent exploitation.

No comments:

Post a Comment