Tuesday 14 September 2004

MS Security Bulletins - 14 September

Microsoft issued two security bulletins today.

Microsoft Security Bulletin MS04-027

Vulnerability in WordPerfect Converter Could Allow Code Execution

A vulnerability exists in various Microsoft Office products, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error within the WordPerfect Converter and can be exploited to cause a buffer overflow if a user opens a malicious document.

Microsoft Security Bulletin MS04-028

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution

A vulnerability exists in multiple Microsoft products, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error within the GDI+ JPEG Parsing component (Gdiplus.dll). This can be exploited to cause a buffer overflow by tricking a user into viewing a specially crafted JPEG image with any application using the vulnerable component for JPEG image processing.

Successful exploitation allows execution of arbitrary code with the privileges of the user. However, users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
