S-177: Vulnerabilities in Microsoft Works File Converter

02-13-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

S-177: Vulnerabilities in Microsoft Works File Converter

A remote code vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates: 1) section length headers with the .wps format; 2) section header index table information with the .wps file format; and 3) various field lengths information with the .wps file format. The risk is MEDIUM. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

odump(1) General Commands Manual odump(1) Name odump - dumps selected parts of an object file Syntax odump [ options ] file... Description The command dumps selected parts of each object file. This command works for object files and archives of object files. Options The following options are available with the command: -a Dumps the archive header for each member of the specified archive file. -f Dumps each file header. -g Dumps the global symbols from the symbol table of a RISC archive. -o Dumps each optional header. -h Dumps section headers. -i Dumps the symbolic information header. -s Dumps section contents. -r Dumps relocation information. -l Dumps line number information. -t Dumps symbol table entries. -zname Dumps line number entries for the specified function name. -c Dumps the string table. -L Interpret and print the contents of the .lib sections. -F Dumps the file descriptor table. -P Dumps the procedure descriptor table. -R Dumps the relative file index table. The command accepts these modifiers with the options: -dnumber Dumps the section number or a range of sections starting at number and ending either at the last section number or the number you specify with +d. +dnumber Dumps sections in the range beginning with the first section or beginning with the section you specify with -d. -nname Dumps information only about the specified name. This modifier works with -h, -s, -r, -l, and -t. -p Does not print headers -tindex Dumps only the indexed symbol table entry. You can also specify a range of symbol table entries by using the modifier -t with the +t option. +tindex Dumps the symbol table entries in the specified range. The range begins at the first symbol table entry or at the entry speci- fied by -t. The range ends with the specified indexed entry. -u Underlines the name of the file for emphasis. -v Dumps information symbolically rather than numerically (for example, Static rather than 0X02 ). You can use -v with all the options except -s. -zname,number Dumps the specified line number entry or a range of line numbers. The range starts at the number for the named function. +znumber Dumps line numbers for a specified range. The range starts at either the name or number specified by -z The range ends with the number specified by +z. Also, an option and its modifier can be separated by using blanks. The name can be separated from the number that modifies -z by replacing the comma with a blank. The command tries to format information in a helpful way, printing information in character, hexadecimal, octal, or decimal as appropriate. See Also a.out(5), ar(5) RISC odump(1)

Security Advisories (RSS)

S-177: Vulnerabilities in Microsoft Works File Converter

LEARN ABOUT ULTRIX

odump