- These vulnerabilities affect: Office 2003 and Office for Mac 2011
- How an attacker exploits them: By enticing you to open maliciously crafted Office documents
- Impact: An attacker can execute code, potentially gaining complete control of your computer
- What to do: Install the appropriate Office patches as soon as possible, or let Windows Update do it for you.
As part of part of Patch Day, Microsoft released a security bulletin describing a vulnerability in Office 2003 and Office for Mac 2011. Specifically, the Office components used to parse PNG image files suffer from a buffer overflow vulnerability involving the way they handle specially crafted images. By embedding a malicious PNG image into an Office document, and tricking one of your users into downloading and opening or previewing it, an attacker can exploit this vulnerability to execute code on that user’s computer, inheriting that user’s privileges. If your user has local administrative privileges, the attacker gains full control of the user’s machine.
Though Microsoft only rates this security update as Important, since the attack requires user interaction to succeed, we believe it poses a significant risk because many normal users trust Microsoft Office documents. You should patch this flaw as soon as you can.
Microsoft has released an update for Office to fix this flaw. If you use Office 2003 or Office for Mac 2011 you should download, test, and deploy the update as soon as possible, or let Windows Update do it for you. See the “Affected and Non-Affected Software” section of Microsoft’s bulletin for more details on where to find the updates.
For All WatchGuard Users:
Though you can use WatchGuard’s XTM and XCS appliances to block certain files and content, such as Office documents, most organizations share these types of documents as part of normal business. Instead, we recommend you install Microsoft’s updates to completely protect yourself from this flaw.
Microsoft has released an Office update to fix this flaw.
- Microsoft Security Bulletin MS13-051
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
Leave a Reply