FortiGuard Advisory (FGA-2006-22)

Improper Memory Access Vulnerability in Multiple Microsoft Office Products
2006.July.11

Fortinet Security Research Team (FSRT) has discovered an improper memory access vulnerability of Microsoft Portable Network Graphics Import Filter.

MS Bulletin ID: MS06-039 (915384)
CVE ID: CVE-2006-0033

Summary:

The vulnerability allows attackers, using a malformed Portable Network Graphics (PNG) file embedded in a Microsoft Office™ document, to gain complete control of a user’s machine and/or run arbitrary commands. The vulnerability exists in the Portable Network Graphics import filter (PNG32.FLT) component that is included as part of many Microsoft Office™ products.

Risk:

Critical

Software affected:

  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 1
  • Microsoft Office 2003 Service Pack 2
  • Microsoft OneNote 2003
  • Microsoft Project 2000
  • Microsoft Project 2002
  • Microsoft Project 2003
  • Microsoft Works Suite 2004
  • Microsoft Works Suite 2005
  • Microsoft Works Suite 2006

Additional Information:

There is a bug in Microsoft Portable Network Graphics Import Filter, which is used in many windows products, and is located in C:\Program Files\Common Files\Microsoft Shared\Grphflt\PNG32.FLT.

An attacker may construct a malformed .png file, when users open it using a software which uses PNG32.FLT, such as Microsoft Photo Editor, the software will cause memory access violated, if specially crafted, it may cause execution of abitary command.

This bug is due to manipulation of IDAT Image Data in PNG file.

Solution:

Microsoft users should apply the update provided by Microsoft.

Acknowledgment:

Dejun Meng of Fortinet Security Research Team.

References:



Disclaimer:

Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.

About Fortinet ( www.fortinet.com ):

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.