09 Sep 2008
10 Sep 2008
Microsoft Office 2003 Professional Edition
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in Microsoft Office OneNote, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by missing input validation when processing a URI using the "onenote://" protocol handler. This can be exploited, for example, to place files on a user's system in semi-arbitrary locations or to obtain all OneNote Notebooks from the user's system via a specially crafted OneNote URI.
NOTE: According to the vendor, the vulnerability exists in a shared Office component, but can only be exploited on systems with OneNote 2007 installed.
Microsoft Office XP SP3:
Microsoft Office 2003 SP2:
Microsoft Office 2003 SP3:
2007 Microsoft Office System:
2007 Microsoft Office System SP1:
Microsoft Office OneNote 2007:
Microsoft Office OneNote 2007 SP1:
Brett Moore, Insomnia Security.