SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Office Vendors:   Microsoft
Microsoft Office Korean Input Method Editor Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1015631
SecurityTracker URL:  http://securitytracker.com/id/1015631
CVE Reference:   CVE-2006-0008   (Links to External Site)
Date:  Feb 14 2006
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft Office in the Korean Input Method Editor. A local user can obtain elevated privileges.

A local user can access certain functionality that runs in the LocalSystem context via the Korean Input Method Editor. This can be exploited to gain System level privileges.

The vendor credits Ryan Lee of VMCraft Inc. with reporting this vulnerability.

Impact:   A local user can obtain System level privileges.
Solution:   The vendor has issued the following fixes:

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=290453DF-1CAE-4691-B20C-5D65D92216BF

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7D75BF5C-2E1D-4793-B7D1-DD372A99ECA5

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=A092BA0F-C753-444B-A572-492E4ECB2D3F

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8479C2EB-0FB6-4879-9C3D-B49BD864A71C

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=66E495E8-CD52-4E76-B20A-4471FA941556

Microsoft Office 2003 Service Pack 1 and Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en

Microsoft Office 2003 Multilingual User Interface Packs:

http://www.microsoft.com/downloads/details.aspx?FamilyId=986F9A8D-AFE7-455A-B78D-0795CBB0E80E&displaylang=en

Microsoft Office Visio 2003 Multilingual User Interface Packs:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5A4D0A92-2DFC-4F8B-9D14-138CEA57AF96&displaylang=en

Microsoft Office Project 2003 Multilingual User Interface Packs:

http://www.microsoft.com/downloads/details.aspx?FamilyId=22C96D7F-F384-4678-9AC0-3A11B81A4C1D&displaylang=en

Microsoft Office 2003 Proofing Tools:

http://www.microsoft.com/downloads/details.aspx?FamilyId=32CF9F59-FFBD-45E5-A4D2-690183462D0F&displaylang=en

Microsoft Office Visio 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en

Microsoft Office OneNote 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en

Microsoft Office Project 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8E6F16E9-CD73-47D5-887E-616DB9B09591&displaylang=en

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-009.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms06-009.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC