Check: 2011-A-0045
Windows 7 IAVM: 2011-A-0045 (in version v1 r32)
Title
Multiple Vulnerabilities in Microsoft Office (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing multiple vulnerabilities in Microsoft Office. To exploit these vulnerabilities, an attacker would entice a user to access a malicious Office file hosted on a web site, sent via email or from a location that requires a malicious DLL to be loaded from a directory controlled or compromised by the attacker. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code and compromise an affected system. At this time, there are known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents.

Office Component Insecure Library Loading Vulnerability - (CVE-2011-0107): A remote code execution vulnerability exists in the way that Microsoft Office handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Graphic Object Dereferencing Vulnerability - (CVE-2011-0977): A remote code execution vulnerability exists in the way that Microsoft Office handles graphic objects when parsing a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Check Content
See IAVM notice and Microsoft Bulletin MS11-023 (KB 2489293) for additional information.

Vulnerable Applications/Systems:
Microsoft Office XP SP3
Microsoft Office 2003 SP3
Microsoft Office 2007 SP2

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

Mso.dll

Application | Minimum version |
---|---|
Microsoft Office XP SP3 | 10.0.6870.0 |
Microsoft Office 2003 SP3 | 11.0.8333.0 |
Microsoft Office 2007 SP2 | 12.0.6554.5001 |

System administrators should refer to the Microsoft Security Bulletin to determine affected applications/system and appropriate fix actions.
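One way to automate the file-version comparison described above, as an added example that is not part of the original check. It assumes the reviewer supplies the location of Mso.dll through the hypothetical `-MsoPath` parameter; the status strings and exit codes are this example's own convention.

```powershell
# Added example: compare an Mso.dll file version with the minimum versions
# listed in this check (MS11-023). Written to run on Windows PowerShell 2.0.
param(
    [Parameter(Mandatory = $true)]
    [string]$MsoPath   # assumption: caller knows where Mso.dll is installed
)

# Minimum patched Mso.dll versions from the Check Content,
# keyed by the file's major version number.
$minimums = @{
    10 = [version]'10.0.6870.0'      # Microsoft Office XP SP3
    11 = [version]'11.0.8333.0'      # Microsoft Office 2003 SP3
    12 = [version]'12.0.6554.5001'   # Microsoft Office 2007 SP2
}

if (-not (Test-Path -LiteralPath $MsoPath -PathType Leaf)) {
    Write-Output "NOT CHECKED: file not found: $MsoPath"
    exit 2
}

# Build the version from the numeric parts. The FileVersion string can carry
# extra text, and comparing versions as strings orders them incorrectly.
$info  = (Get-Item -LiteralPath $MsoPath).VersionInfo
$found = New-Object System.Version -ArgumentList `
    $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart

if (-not $minimums.ContainsKey($found.Major)) {
    # Releases not listed in this check must be evaluated against the vendor bulletin.
    Write-Output "NOT CHECKED: version $found is not a release listed in this check"
    exit 2
}

$required = $minimums[$found.Major]
if ($found -ge $required) {
    Write-Output "PATCHED: Mso.dll $found is at or above $required"
    exit 0
}

Write-Output "NOT PATCHED: Mso.dll $found is below $required"
exit 1
```

An exit code of 2 means the script could not reach a verdict from the versions listed here, so it should be treated as a manual review item rather than a pass.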
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-26527
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |