FortiGuard Center

FortiGuard Advisory (FGA-2006-27)



Multiple Vulnerabilities in Microsoft PowerPoint, Microsoft Office and Microsoft Server Service
2006.October.10

  • I. Critical Vulnerability Affecting Microsoft PowerPoint.

    Fortinet Security Research Team (FSRT) has discovered a Remote Code Execution vulnerability in Microsoft PowerPoint.

    MS Bulletin ID: MS06-058
    CVE ID: CVE-2006-3876

    Summary:

    A Remote Code Execution vulnerability exists in Microsoft PowerPoint which could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

    Impact:

    Execution of arbitrary code leading to system compromise.

    Risk:

    Critical

    Software affected:

    • Microsoft Office 2000 Service Pack 3
      • Microsoft PowerPoint 2000
    • Microsoft Office XP Service Pack 3
      • Microsoft PowerPoint 2002
    • Microsoft Office 2003 Service Pack 1 or Service Pack 2
      • Microsoft Office PowerPoint 2003
    • Microsoft Office 2004 for Mac
      • Microsoft PowerPoint 2004 for Mac
    • Microsoft Office v. X for Mac
      • Microsoft PowerPoint v. X for Mac

    Additional Information:

    There is a vulnerability in Microsoft PowerPoint. A remote attacker could construct a .ppt file with malformed bits; when a user opens this .ppt file, it causes an improper memory access in Microsoft PowerPoint. If specially crafted, the file can cause execution of an arbitrary command.

    This vulnerability is due to erroneous handling of certain Record Data by Microsoft PowerPoint.

    Solution:

    Microsoft users should apply the update provided by Microsoft.

    Acknowledgment:

    Dejun Meng of Fortinet Security Research Team.

    References:

  • II. Critical Vulnerability Affecting Microsoft Office

    Fortinet Security Research Team (FSRT) has discovered a Remote Code Execution vulnerability in Microsoft Office.

    MS Bulletin ID: MS06-062
    CVE ID: CVE-2006-3434

    Summary:

    A Remote Code Execution vulnerability exists in Microsoft Office which could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

    Impact:

    Execution of arbitrary code leading to system compromise.

    Risk:

    Critical

    Software affected:

    • Microsoft Office 2000 Service Pack 3
      • Microsoft Access 2000
      • Microsoft Excel 2000
      • Microsoft FrontPage 2000
      • Microsoft Outlook 2000
      • Microsoft PowerPoint 2000
      • Microsoft Publisher 2000
      • Microsoft Word 2000
    • Microsoft Office XP Service Pack 3
      • Microsoft Access 2002
      • Microsoft Excel 2002
      • Microsoft FrontPage 2002
      • Microsoft Outlook 2002
      • Microsoft PowerPoint 2002
      • Microsoft Publisher 2002
      • Microsoft Visio 2002
      • Microsoft Word 2002
    • Microsoft Office 2003 Service Pack 1 or Service Pack 2
      • Microsoft Access 2003
      • Microsoft Excel 2003
      • Microsoft Excel 2003 Viewer
      • Microsoft FrontPage 2003
      • Microsoft InfoPath 2003
      • Microsoft OneNote 2003
      • Microsoft Outlook 2003
      • Microsoft PowerPoint 2003
      • Microsoft Project 2003
      • Microsoft Publisher 2003
      • Microsoft Visio 2003
      • Microsoft Word 2003
      • Microsoft Word 2003 Viewer
    • Microsoft Project 2000 Service Release 1
    • Microsoft Project 2002 Service Pack 1
    • Microsoft Visio 2002 Service Pack 2
    • Microsoft Office 2004 for Mac
    • Microsoft Office v. X for Mac

    Additional Information:

    There is a vulnerability in Microsoft Office. A remote attacker could construct an Office file with a malformed string; when a user opens this Office file, it causes an improper memory access in Microsoft Office. If specially crafted, the file can cause execution of an arbitrary command.

    Solution:

    Microsoft users should apply the update provided by Microsoft.

    Acknowledgment:

    Dejun Meng of Fortinet Security Research Team.

    References:

  • III. Important Vulnerability Affecting Microsoft Server Service

    Fortinet Security Research Team (FSRT) has discovered a Denial of Service vulnerability in Microsoft Server Service.

    MS Bulletin ID: MS06-063
    CVE ID: CVE-2006-4696

    Summary:

    A Remote Denial of Service vulnerability exists in Microsoft Server Service which could allow an attacker who successfully exploited this vulnerability to make the target system crash.

    Impact:

    Denial of Service

    Risk:

    Critical

    Software affected:

    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition

    Additional Information:

    There is a vulnerability in Microsoft Server Service. A remote attacker could crash the target system by constructing and sending a malformed message.

    This service runs by default, and the attack can be performed by an anonymous user.

    This vulnerability is due to erroneous handling of certain network messages.

    Solution:

    Microsoft users should apply the update provided by Microsoft.

    Acknowledgment:

    Fortinet Security Research Team.

    References:



Disclaimer:

Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.
