=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN444
_____________________________________________________________________

DATE                      : 10/11/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Office,
                             Open XML File Format Converter for Mac.

======================================================================
KB2423930
http://www.microsoft.com/technet/security/bulletin/MS10-087.mspx
______________________________________________________________________

Microsoft Security Bulletin MS10-087 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

Version: 1.0

General Information

Executive Summary

This security update resolves one publicly disclosed vulnerability and four
privately reported vulnerabilities in Microsoft Office. The most severe
vulnerability could allow remote code execution if a user opens or previews a
specially crafted RTF e-mail message. An attacker who successfully exploited
any of these vulnerabilities could gain the same user rights as the local
user. Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative user
rights.

This security update is rated Critical for all supported editions of Microsoft
Office 2007 and Microsoft Office 2010. This security update is also rated
Important for all supported editions of Microsoft Office XP, Microsoft Office
2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and
Microsoft Office for Mac 2011; and Open XML File Format Converter for Mac.
For more information, see the subsection, Affected and Non-Affected Software,
in this section.

Affected Software

Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 (64-bit editions)
Microsoft Office 2004 for Mac[1]
Microsoft Office 2008 for Mac[1]
Microsoft Office for Mac 2011
Open XML File Format Converter for Mac[1]

[1]The security updates for Microsoft Office 2004 for Mac, Microsoft Office
2008 for Mac, and Open XML File Format Converter for Mac are unavailable at
this time.

Vulnerability Information

RTF Stack Buffer Overflow Vulnerability - CVE-2010-3333

A remote code execution vulnerability exists in the way that affected
Microsoft Office software parses specially crafted Rich Text Format (RTF)
formatted data. An attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts with
full user rights. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights.

Office Art Drawing Records Vulnerability - CVE-2010-3334

A remote code execution vulnerability exists in the way that Microsoft
Office software parses specially crafted Office files. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could be
less impacted than users who operate with administrative user rights.

Drawing Exception Handling Vulnerability - CVE-2010-3335

A remote code execution vulnerability exists in the way that Microsoft
Office software parses specially crafted Office files. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could be
less impacted than users who operate with administrative user rights.

MSO Large SPID Read AV Vulnerability - CVE-2010-3336

A remote code execution vulnerability exists in the way that Microsoft
Office software parses specially crafted Office files. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the system could be
less impacted than users who operate with administrative user rights.

Insecure Library Loading Vulnerability - CVE-2010-3337

A remote code execution vulnerability exists in the way that Microsoft
Office handles the loading of DLL files. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Users whose accounts
are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================