The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Office FrontPage

computer vulnerability bulletin CVE-2013-3137

Microsoft FrontPage: information disclosure via DTD Entities

Synthesis of the vulnerability

An attacker can invite the victim to open a FrontPage document using DTD entities, in order to obtain the content of a file located on victim's computer.
Impacted products: Office, Microsoft FrontPage.
Severity: 2/4.
Creation date: 11/09/2013.
Identifiers: 2825621, BID-62185, CERTA-2013-AVI-523, CVE-2013-3137, MS13-078, VIGILANCE-VUL-13408.

Description of the vulnerability

FrontPage documents use XML data. The DTD (Document Type Definition) of the XML document can define new entities (&entity;).

However, these entities can point to an external file. FrontPage does not perform this check, and accepts to integrate data from the external file in his own document.

An attacker can therefore invite the victim to open a FrontPage document using DTD entities, in order to obtain the content of a file located on victim's computer.
Complete Vigil@nce bulletin.... (free trial)

vulnerability CVE-2013-0006 CVE-2013-0007

Windows, IE, Office, SharePoint: code execution via Microsoft XML Core Services

Synthesis of the vulnerability

An attacker can invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services, in order to corrupt the memory, and to execute code.
Impacted products: Office, Access, Excel, Microsoft FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, Windows 2003, Windows 2008 R0, Windows 2008 R2, Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 4/4.
Creation date: 08/01/2013.
Identifiers: 2756145, BID-57116, BID-57122, CERTA-2013-AVI-011, CVE-2013-0006, CVE-2013-0007, MS13-002, VIGILANCE-VUL-12310.

Description of the vulnerability

The Microsoft XML Core Services (MSXML) library is used by Microsoft applications which process XML data. It is impacted by two vulnerabilities.

An attacker can use XML data which truncates an integer, and corrupts the memory. [severity:4/4; BID-57116, CVE-2013-0006]

An attacker can use XSLT (Extensible Stylesheet Language Transformations) data which corrupt the memory. [severity:4/4; BID-57122, CVE-2013-0007]

An attacker can therefore invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services (such as Internet Explorer), in order to corrupt the memory, and to execute code.
Complete Vigil@nce bulletin.... (free trial)

vulnerability alert CVE-2012-1856

Office, SQL Server, HIS, Visual Basic: code execution via MSCOMCTL.OCX

Synthesis of the vulnerability

An attacker can invite the victim to browse a web page loading the MSCOMCTL.OCX ActiveX, in order to execute code on his computer.
Impacted products: HIS, Office, Access, Office Communicator, Excel, Microsoft FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, SQL Server, Visual Studio.
Severity: 4/4.
Creation date: 14/08/2012.
Identifiers: 2720573, BID-54948, CERTA-2012-AVI-443, CVE-2012-1856, MS12-060, VIGILANCE-VUL-11851.

Description of the vulnerability

The MSCOMCTL.OCX file is installed by several Microsoft products:
 - Microsoft Office
 - Microsoft SQL Server
 - Microsoft Commerce Server
 - Microsoft Host Integration Server
 - Microsoft Visual FoxPro
 - Visual Basic 6.0 Runtime

This file contains the Windows Common Controls ActiveX controls (MSCOMCTL.TreeView, MSCOMCTL.ListView2, MSCOMCTL.TreeView2, and MSCOMCTL.ListView, MSCOMCTL.TabStrip).

The TabStrip control can use a freed memory area. Technical details are unknown.

An attacker can therefore invite the victim to browse a web page loading the MSCOMCTL.OCX ActiveX, in order to execute code on his computer.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability alert CVE-2012-1854

Microsoft Office: code execution via DLL Preload

Synthesis of the vulnerability

An attacker can create a malicious DLL and invite the victim to open an Office document in the same directory, in order to execute code.
Impacted products: Office, Access, Excel, Microsoft FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Visual Studio.
Severity: 3/4.
Creation date: 10/07/2012.
Identifiers: 2707960, BID-54303, CERTA-2012-AVI-376, CVE-2012-1854, MS12-046, VIGILANCE-VUL-11756.

Description of the vulnerability

The Microsoft Office product loads the VBE6.DLL (Microsoft Visual Basic for Applications) library to open ".docx" files for example.

However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.

An attacker can therefore create a malicious DLL and invite the victim to open an Office document in the same directory, in order to execute code.
Complete Vigil@nce bulletin.... (free trial)

vulnerability note CVE-2011-0041

Windows: code execution via GDI EMF

Synthesis of the vulnerability

An attacker can create a malicious EMF image in order to execute code when it is displayed.
Impacted products: Office, Access, Excel, Microsoft FrontPage, Outlook, PowerPoint, Project, Publisher, Visio, Word, Windows 2003, Windows 2008 R0, Windows Vista, Windows XP.
Severity: 4/4.
Creation date: 13/04/2011.
Identifiers: 2489979, BID-47250, CERTA-2011-AVI-212, CVE-2011-0041, MS11-029, VIGILANCE-VUL-10554.

Description of the vulnerability

The GDI interface (Graphics Device Interface) is used by applications to display and print text and graphics.

The EMF (Enhanced Metafile) format represent images composed of objects (line, rectangle, text, etc.) and is handled by gdiplus.dll.

However, when GDI analyzes a malformed EMF image, an integer overflow occurs.

An attacker can therefore create a malicious EMF image in order to execute code when it is displayed.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability CVE-2010-2573 CVE-2010-3333 CVE-2010-3334

Microsoft Office: several vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious document with Microsoft Office, in order to execute code on his computer.
Impacted products: Office, Access, Office Communicator, Excel, Microsoft FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 4/4.
Creation date: 10/11/2010.
Identifiers: 2423930, ASPR #2010-11-10-1, ASPR #2010-11-10-2, ASPR #2010-11-10-3, BID-42628, BID-44628, BID-44652, BID-44656, BID-44659, BID-44660, CERTA-2010-AVI-543, CVE-2010-2573, CVE-2010-3333, CVE-2010-3334, CVE-2010-3335, CVE-2010-3336, CVE-2010-3337, MS10-087, VIGILANCE-VUL-10115, ZDI-10-24, ZDI-10-246.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office. They lead to code execution.

An attacker can create a malicious RTF document creating a buffer overflow in Word. If Outlook is configured to use Word, an attacker can send the RTF document by email in order to exploit this vulnerability. [severity:4/4; BID-44652, CERTA-2010-AVI-543, CVE-2010-3333]

An attacker can create an Office document containing an Art Drawing with a malicious msofbtSp (Shape Container) field, in order to corrupt the memory. [severity:3/4; BID-44656, CVE-2010-3334]

An attacker can create an Office document containing a malicious MSODrawing, which creates an exception, in order to corrupt the memory. [severity:3/4; BID-44659, CVE-2010-3335, ZDI-10-246]

An attacker can create a document with a malicious "SPID Read AV", in order to execute code. [severity:3/4; BID-44660, CVE-2010-3336]

Office loads a DLL (pptimpconv.dll, wdimpconv.dll, xlimpconv.dll) from the current directory. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code. [severity:2/4; ASPR #2010-11-10-1, ASPR #2010-11-10-2, ASPR #2010-11-10-3, BID-42628, CVE-2010-3337]

An attacker can create a PowerPoint document containing a malicious Animation Node, creating an integer overflow, and leading to a memory corruption. [severity:3/4; BID-44628, CVE-2010-2573, ZDI-10-24]
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability alert CVE-2010-0815

Microsoft Office: code execution via Visual Basic for Applications

Synthesis of the vulnerability

An attacker can invite the victim to open an Office document containing VB code and an ActiveX, in order to execute code on his computer.
Impacted products: Office, Access, Excel, Microsoft FrontPage, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Creation date: 11/05/2010.
Identifiers: 978213, BID-39931, CERTA-2010-AVI-206, CVE-2010-0815, MS10-031, VIGILANCE-VUL-9636.

Description of the vulnerability

An Office document can contain VB code, which is interpreted by Visual Basic for Applications, managed by the VBE6.DLL library.

Visual Basic for Applications does not correctly manage the loading order of ActiveX. An Office document can thus contain a malicious ActiveX, and a VB code loading this ActiveX, and corrupting one byte in the memory.

An attacker can therefore invite the victim to open an Office document containing VB code and an ActiveX, in order to execute code on his computer.
Complete Vigil@nce bulletin.... (free trial)

vulnerability note CVE-2009-1136

Microsoft Office Web Components: memory corruption

Synthesis of the vulnerability

An attacker can invite the victim to see an HTML page in order to corrupt the memory of a Microsoft Office Web Components ActiveX, leading to code execution.
Impacted products: BizTalk Server, IE, ISA, Office, Access, Excel, Microsoft FrontPage, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Visual Studio.
Severity: 4/4.
Creation date: 15/07/2009.
Identifiers: 957638, 973472, BID-35642, CVE-2009-1136, FGA-2009-27, MS09-043, VIGILANCE-VUL-8854, VU#545228.

Description of the vulnerability

Microsoft Office Web Components are installed with Office and ISA, and provide ActiveX to publish spreadsheets and charts on a web site.

The OWC10.Spreadsheet ActiveX displays an Excel spreadsheet. Its Evaluate() and msDataSourceObject() methods do not correctly validate number arrays, which corrupts the memory.

An attacker can therefore invite the victim to see an HTML page in order to corrupt the memory of a Microsoft Office Web Components ActiveX, leading to code execution.
Complete Vigil@nce bulletin.... (free trial)

vulnerability announce CVE-2008-3704 CVE-2008-4252 CVE-2008-4253

Microsoft Visual, FrontPage, Project: vulnerabilities of ActiveX

Synthesis of the vulnerability

Six vulnerabilities impact the ActiveX provided with Visual Basic 6.0 Runtime Extended.
Impacted products: Office, Microsoft FrontPage, Project, Visual Studio.
Severity: 3/4.
Creation date: 10/12/2008.
Identifiers: 932349, BID-30674, BID-32591, BID-32592, BID-32612, BID-32613, BID-32614, CERTA-2008-AVI-584, CVE-2008-3074-ERROR, CVE-2008-3704, CVE-2008-4252, CVE-2008-4253, CVE-2008-4254, CVE-2008-4255, CVE-2008-4256, MS08-070, VIGILANCE-VUL-8302, ZDI-08-083.

Description of the vulnerability

Six vulnerabilities impact the ActiveX provided with Visual Basic 6.0 Runtime Extended. To exploit these vulnerabilities, the attacker has to invite the victim to display a malicious web page calling these ActiveX.

A memory corruption occurs in the DataGrid ActiveX. [severity:3/4; BID-32591, CVE-2008-4252]

A memory corruption occurs in the FlexGrid ActiveX. [severity:3/4; BID-32592, CVE-2008-4253]

An attacker can use invalid "Rows" and "Cols" parameters for the ExpandAll() and CollapseAll() methods in order to corrupt the memory of the Hierarchical FlexGrid ActiveX (mshflxgd.ocx). [severity:3/4; BID-32612, CVE-2008-4254]

A malicious AVI file creates a heap overflow in the Windows Common ActiveX (MSCOMCT2.OCX). [severity:3/4; BID-32613, CVE-2008-4255, ZDI-08-083]

A memory corruption occurs in the Charts ActiveX. [severity:3/4; BID-32614, CVE-2008-4256]

An attacker can use a long Mask parameter in order to create a buffer overflow in the Microsoft Visual Studio Msmask32.ocx ActiveX. [severity:2/4; BID-30674, CERTA-2008-AVI-584, CVE-2008-3074-ERROR, CVE-2008-3704]

These memory corruptions lead to code execution.
Complete Vigil@nce bulletin.... (free trial)
Our database contains other pages. You can request a free trial to read them.