-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



                  Symantec Vulnerability Research
                  http://www.symantec.com/research
                        Security Advisory


Advisory ID    : SYMSA-2006-007
Advisory Title : Microsoft Office Malformed String Parsing
                 Vulnerability
Author         : Elia Florio / elia_florio@symantec.com
Release Date   : 07-11-2006
Application    : Microsoft Office 2000, Office XP (2002),
                 Office 2003
Platform       : Windows
Severity       : Remotely exploitable / User access
Vendor status  : Duplicated and verified by Microsoft,
                 patch available
CVE Number     : CVE-2006-1540
Reference      : http://www.securityfocus.com/bid/18889


Overview:

There exists an overflow condition in Microsoft Office
when a malformed string included in an Office file is
parsed by any of the affected Office applications.


Details:

The problem resides in the code of MSO.DLL, a shared
library used by Office applications, so the vulnerability
can be exploited using different attack vectors.
For example, the vulnerability can be exploited using a
malformed Excel 2003 file. By changing the size of the
Unicode "Sheet Name" string with an incorrect size, it is
possible to generate an integer overflow condition. Excel
2003 will crash while opening the malformed file due to an
access violation error with an invalid value of
EAX=0xFFFFFFFC.

    MOV EDX,DWORD PTR DS:[EAX-4]
    ADD EAX,-4
    ADD EDX,4


Vendor Response:

The above vulnerability was addressed for the affected
platforms via Microsoft Security Bulletin MS06-38. If
there are any further questions about this statement,
please contact secure@microsoft.com.


Recommendation:
Follow your organization's testing procedures before
applying patches or workarounds. Customers should apply
Microsoft's update as soon as possible.


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

  CVE-2006-1540


- -------Symantec Vulnerability Research Advisory Information-------

For questions about this advisory, or to report an error:
research@symantec.com

For details on Symantec's Vulnerability Reporting Policy:
http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive:
http://www.symantec.com/research/

Symantec Vulnerability Research GPG Key:
http://www.symantec.com/research/Symantec_Consulting_Services_Advisories_GPG.asc

- -------------Symantec Product Advisory Information-------------

To Report a Security Vulnerability in a Symantec Product:
secure@symantec.com

For general information on Symantec's Product Vulnerability
reporting and response:
http://www.symantec.com/security/

Symantec Product Advisory Archive:
http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key:
http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

- ---------------------------------------------------------------

Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert electronically is granted
as long as it is not edited in any way unless authorized by
Symantec Consulting Services. Reprinting the whole or part of
this alert in any medium other than electronically requires
permission from cs_advisories@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the
time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this information.
Neither the author nor the publisher accepts any liability for any
direct, indirect, or consequential loss or damage arising from use
of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services are
registered trademarks of Symantec Corp. and/or affiliated companies
in the United States and other countries. All other registered and
unregistered trademarks represented in this document are the sole
property of their respective companies/owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)

iD8DBQFEspITuk7IIFI45IARAiJyAJ4gvZGmSFL5B+ZOpCYrq3pXQrH6WgCgjDJu
c6RMB/od64/cLbHSwy3EC/w=
=MYz8
-----END PGP SIGNATURE-----
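
Added example (not part of the Symantec advisory and not code from MSO.DLL or Excel): the class of defect described under "Details", a size computed from an untrusted string length, shown as an unchecked calculation beside a bounds-checked one. The record layout, function names and sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical record layout (NOT the real Excel/MSO.DLL format):
 *   bytes 0..3 : character count, little-endian uint32
 *   bytes 4..  : UTF-16LE characters, 2 bytes each          */
#define HDR_BYTES 4u

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked size computation: 32-bit arithmetic wraps for large counts,
 * so a huge declared count yields a tiny "needed" size. */
uint32_t naive_needed_bytes(uint32_t cch) {
    return cch * 2u + HDR_BYTES;
}

/* Checked version: returns 0 and sets *name_bytes when the declared count
 * fits inside the record, -1 otherwise. The untrusted value is compared
 * by division first, so nothing is multiplied until it is known to fit. */
int checked_name_bytes(const uint8_t *rec, size_t rec_len, size_t *name_bytes) {
    if (rec == NULL || name_bytes == NULL || rec_len < HDR_BYTES)
        return -1;
    uint32_t cch = read_le32(rec);
    size_t avail = rec_len - HDR_BYTES;
    if (cch > avail / 2u)
        return -1;
    *name_bytes = (size_t)cch * 2u;
    return 0;
}

/* Constructed sample records: a 3-character name, and the same payload
 * with the declared count changed to 0x7FFFFFFF. */
static const uint8_t good_rec[] = { 0x03, 0, 0, 0, 'A', 0, 'B', 0, 'C', 0 };
static const uint8_t bad_rec[]  = { 0xFF, 0xFF, 0xFF, 0x7F, 'A', 0, 'B', 0, 'C', 0 };

int main(void) {
    size_t n = 0;
    int ok  = checked_name_bytes(good_rec, sizeof good_rec, &n);
    int bad = checked_name_bytes(bad_rec, sizeof bad_rec, &n);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```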