Microsoft Office Graphics Filters Could Allow Remote Code Execution (MS10-105)
( MS10-105, CVE-2010-3945, CVE-2010-3946, CVE-2010-3951, CVE-2010-3952 )
Summary
Four remote code execution vulnerabilities have been discovered in Microsoft Office when handling CGM, PICT, and FlashPix images. A remote attacker could exploit these issues by crafting malformed images and embedding them in an Office document file, and convincing a user to open that file. Successful exploitation of any of these vulnerabilities may allow execution of arbitrary code on a target system.
Details
Computer Graphics Metafile (CGM) is a free and open international standard file format for 2D vector graphics, raster graphics, and text. PICT is a graphics file format that allows the interchange of bitmapped and vector graphics between Mac applications. FlashPix (FPX) is a bitmapped computer graphics file format where the image is saved in more than one resolution.
The vulnerabilities are due to errors in Microsoft Office's handling of these image file formats. A remote attacker can leverage these issues by convincing a user to open an Office document containing a specially crafted CGM, PICT, or FPX image. By persuading a user to open the malformed file, the attacker could take complete control of an affected system.
Affected Products
The CGM and PICT issues exist in Microsoft Office XP SP3, Microsoft Office 2003 SP3, and the Microsoft Office Converter Pack. The FPX issues are in Microsoft Office XP SP3 and the Microsoft Office Converter Pack.
Solution
Check Point IPS Software Blade, IPS-1, and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking malformed CGM, PICT, and FPX images over HTTP. For more information, see CPAI-2010-337, CPAI-2010-336, CPAI-2010-335, and CPAI-2010-334.
Originally Published:
Last Updated: 14-Dec-2010