Select local site

F-Secure Vulnerability Information :
Microsoft Office Brazilian Portuguese Grammar Checker Vulnerability
[Summary] | [Detailed Description] | [Solution] | [CVE Reference]

Report ID:SA23671
Source:Secunia
Date of Discovery:09.01.2007
Criticality:Moderate
Affects:

Microsoft Access 2003
Microsoft Excel 2003
Microsoft Frontpage 2003
Microsoft InfoPath 2003
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Proofing Tools
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft OneNote 2003
Microsoft Outlook 2003
Microsoft Powerpoint 2003
Microsoft Publisher 2003
Microsoft Visio 2003
Microsoft Word 2003
Compromise From:From remote
Compromise Type:System access
Summary

A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user"s system.
Back to the Top

Detailed Description

A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user"s system.

The vulnerability is caused due to an error in the Brazilian Portuguese grammar checker and can be exploited to corrupt memory by tricking a user into opening a specially crafted Office document.

Successful exploitation allows execution of arbitrary code.
Back to the Top

Solution

Apply patches.

Microsoft Office 2003 SP2 (Brazilian Portuguese Version):
http://www.microsoft.com/downloads/details.aspx?familyid=B828BA91-A993-41EC-839C-8995CCFAEC6B

Microsoft Office Multilingual User Interface 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=C860DE66-DB1A-489D-8518-42CE468F5965

Microsoft Project Multilingual User Interface 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=8F233E5D-1270-4041-9CDD-C3541B7F4B40

Microsoft Visio Multilingual User Interface 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=C5A29C81-419C-440B-BF0B-FEC0C0708430

Microsoft Office Proofing Tools 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=51E9C97A-C35F-45AD-A587-8F08F1D34B7B
Back to the Top

CVE Reference
CVE-2006-5574
Back to the Top

F-Secure Corporation