Microsoft Windows and Office Rich Edit components code execution

ms-richedit-code-execution (30592) The risk level is classified as HighHigh Risk

Description:

Microsoft Windows and Office could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the Rich Edit components. By embedding a malformed OLE object within a Rich Text file (RTF) and persuading a victim to open the file, a remote attacker could corrupt memory and execute arbitrary code on the system with the privileges of the victim. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or sending the file as an email attachment.

Platforms Affected:

  • Microsoft, Access 2000
  • Microsoft, Access 2002
  • Microsoft, Access 2003
  • Microsoft, Excel 2000
  • Microsoft, Excel 2002
  • Microsoft, Excel 2003
  • Microsoft, Excel Viewer 2003
  • Microsoft, FrontPage 2000
  • Microsoft, FrontPage 2002
  • Microsoft, FrontPage 2003
  • Microsoft, Global Input Method Editor for Office 2000 ja
  • Microsoft, Learning Essentials 1.0
  • Microsoft, Learning Essentials 1.1
  • Microsoft, Learning Essentials 1.5
  • Microsoft, Office 2000 SP3
  • Microsoft, Office 2003 SP2
  • Microsoft, Office XP SP3
  • Microsoft, Office InfoPath 2003
  • Microsoft, Office Multilingual User Interface Pack 2000
  • Microsoft, OneNote 2003
  • Microsoft, Outlook 2000
  • Microsoft, Outlook 2002
  • Microsoft, Outlook 2003
  • Microsoft, PowerPoint 2000
  • Microsoft, PowerPoint 2002
  • Microsoft, PowerPoint 2003
  • Microsoft, Project 2000 SR1
  • Microsoft, Project 2002 SP2
  • Microsoft, Project 2003
  • Microsoft, Publisher 2000
  • Microsoft, Publisher 2002
  • Microsoft, Publisher 2003
  • Microsoft, Visio 2002 SP2
  • Microsoft, Visio 2002
  • Microsoft, Visio 2003
  • Microsoft, Windows 2000 SP4
  • Microsoft, Windows 2003
  • Microsoft, Windows 2003 Server SP1 Itanium
  • Microsoft, Windows 2003 Server SP1
  • Microsoft, Windows 2003 Server Itanium
  • Microsoft, Windows 2003 Server x64
  • Microsoft, Windows XP Professional x64
  • Microsoft, Windows XP SP2
  • Microsoft, Word 2000
  • Microsoft, Word 2002
  • Microsoft, Word 2003
  • Microsoft, Word Viewer 2003

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS07-013. See References.

Consequences:

Gain Access

References:

  • Microsoft Security Bulletin MS07-013, Vulnerability in Microsoft Rich Edit Could Allow Remote Code Execution (918118) at http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx.
  • ASA-2007-087: MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
  • BID-21876: Microsoft Office And Microsoft Windows RichEdit Component Remote Code Execution Vulnerability
  • CVE-2006-1311: The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
  • OSVDB ID: 31886: Microsoft RichEdit OLE Dialog RTF Memory Corruption Remote Code Execution
  • SA24152: Microsoft RichEdit OLE Dialog Memory Corruption Vulnerability
  • SECTRACK ID: 1017640: Microsoft Office OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code
  • SECTRACK ID: 1017641: Microsoft Windows RichEdit OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code
  • US-CERT VU#368132: Microsoft RichEdit vulnerable to remote code execution via malformed embedded OLE object
  • VUPEN/ADV-2007-0582: Microsoft Windows and Office RichEdit Remote Code Execution Vulnerability (MS07-013)

Reported:

Feb 13, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page