Unchecked Buffer in Office 2000 Runs Arbitrary Code

 

Reported August 9, 2000 by Jesper M. Johansson

VERSIONS EFFECTED
  • Microsoft Excel 2000
  • Microsoft W
o rd 2000
  • Microsoft Powerpoint 2000

    DESCRIPTION

    An unchecked buffer exists in the code that parses data object tags within HTML-based Office 2000 documents. The flaw can be used to overflow the buffer space where arbitrary code could then be run on the system.

    VENDOR RESPONSE

    Microsoft issued FAQ #FQ00-056, Support Online article Q269880, as well as patch for the Office 2000 with Service Release 1 (SR-1 required to load the patch)

    CREDIT

    Discovered by Jesper M. Johansson
  • TAGS: Security
    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish