Vulnerabilities > CVE-2008-3021 - Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS08-044.NASL
descriptionThe remote host is running a version of some Microsoft Office filters that are subject to various flaws that could allow arbitrary code to be run. An attacker may use these to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it import it with Microsoft Office.
last seen2020-06-01
modified2020-06-02
plugin id33873
published2008-08-13
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/33873
titleMS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)

Oval

accepted2015-08-10T04:01:02.652-04:00
classvulnerability
contributors
  • nameSudhir Gandhe
    organizationSecure Elements, Inc.
  • nameAkihito Nakamura
    organizationAIST
  • nameChandan S
    organizationSecPod Technologies
  • nameDragos Prisaca
    organizationG2, Inc.
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Office 2000 is installed
    ovaloval:org.mitre.oval:def:93
  • commentMicrosoft Office XP is installed
    ovaloval:org.mitre.oval:def:663
  • commentMicrosoft Project 2002 SP1 is installed
    ovaloval:org.mitre.oval:def:707
  • commentMicrosoft Office Converter Pack is installed
    ovaloval:org.mitre.oval:def:28520
  • commentMicrosoft Office 2003 is installed
    ovaloval:org.mitre.oval:def:233
descriptionMicrosoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
familywindows
idoval:org.mitre.oval:def:5997
statusaccepted
submitted2008-08-13T09:28:00
titleMicrosoft PICT Filter Parsing Vulnerability
version17

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30598 CVE(CAN) ID: CVE-2008-3021 Microsoft Office是非常流行的办公软件套件。 Office的WPGIMP32.FLT模块没有正确地处理office文档中的PICT图形,如果PICT图形文件中包含有超长的bits_per_pixel字段的话,则打开该文件就可能触发堆溢出,导致执行任意代码。 Microsoft Office XP SP3 Microsoft Office Converter Pack Microsoft Office 2003 Service Pack 2 Microsoft Office 2000 SP3 Microsoft Works 8.0 临时解决方法: * 修改存取控制表以拒绝所有用户对WPG32.FLT的访问 注册表方法 1. 单击“开始”,单击“运行”,键入regedit.exe,然后单击“确定”。 2. 导航到HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Graphics Filters\Import\WPG。 3. 记下Path的值。 在资源管理器中,导航到作为Path的值列出的WPG32.FLT文件。 4. 右键单击WPG32.FLT文件并选择“属性”。 5. 在“安全”选项卡上单击“高级”。 6. 取消选择“允许可继承的权限从父对象传送到此对象...”并单击“删除”。 7. 单击“确定”、“是”和“确定”。 脚本方法 对于Windows XP的所有受支持的32位版本,通过命令提示符运行以下命令 cacls &quot;%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; /E /P everyone:N 对于Windows XP的所有受支持的基于x64的版本,通过命令提示符运行以下命令: cacls &quot;%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; /E /P everyone:N 对于Windows Vista和Windows Server 2008的所有受支持的32位版本,以管理员身份通过命令提示符运行下列命令: takeown /f &quot;%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; icacls &quot;%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; /save %TEMP%\WPG IMP32 _ACL.TXT icacls &quot;%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; /deny everyone:(F) 对于Windows Vista和Windows Server 2008的所有受支持的基于x64的版本,以管理员身份通过命令提示符运行下列命令: takeown /f &quot;%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; icacls &quot;%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; /save %TEMP%\WPG IMP32 _ACL.TXT icacls &quot;%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT&quot; /deny everyone:(F) * 不要打开或保存从不受信任来源或从受信任来源意外收到的文档。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-044)以及相应补丁: MS08-044:Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) 链接:<a href=http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx?pf=true</a>
idSSV:3828
last seen2017-11-19
modified2008-08-14
published2008-08-14
reporterRoot
titleMicrosoft Office WPG图形文件处理堆溢出漏洞(MS08-044)