Microsoft plugs Office leaks; Delivers 4 critical patches

Microsoft on Tuesday delivered four critical patches for vulnerabilities Office and Windows XP. There were six patches delivered.

Here's a look by the CVE:

CVE-2008-1091: Microsoft patched an object parsing vulnerability in Microsoft Word. Affected software includes Office 2000, 2003 and 2007. Microsoft explains:

A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (.rtf) files. The vulnerability could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The Zero Day Initiative gets credit for the find.

CVE-2008-1434: Microsoft's update addresses a Word cascading style sheet vulnerability. Microsoft says: "A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed CSS value." Jun Mao, working with iDefense Labs, gets credit.

CVE-2008-0119: Microsoft fixed a vulnerability in Microsoft Publisher. Microsoft says:

A remote code execution vulnerability exists in the way Microsoft Publisher validates object header data. An attacker could exploit the vulnerability by sending a specially crafted Publisher file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Cocoruder of Fortinet Security Research gets credit for the find. Office 2000, 2003, 2007 impacted.

CVE-2007-6026: Microsoft patched Windows 2000 Service Pack 4, Windows XP and Windows Server 2003 due to a buffer overrun vulnerability. Microsoft says:

A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

CERT, ISC/SANS and Aaron Portnoy of TippingPoint DVLabs get credit for reporting the issue.

Two moderate vulnerabilities were patched affecting Microsoft Live OneCare, Antigen, Windows Defender and Forefront.

CVE-2008-1437: Microsoft says:

A denial of service vulnerability exists in the way that the Microsoft Malware Protection Engine processes specially crafted files. An attacker could exploit the vulnerability by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.

And CVE-2008-1438: Same vulnerability except this one allows an "attacker who successfully exploited this vulnerability could cause disk-space exhaustion, leading to a denial of service condition and automatic restart."