Zero-Day Advisory
Fortinet Discovers Microsoft Office Project Memory Corruption Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered memory corruption vulnerability in Microsoft Office Project.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:MS.Project.Props.List.Memory.Corruption
Released Jul 17, 2009
Use the solution provided by Microsoft.
Additional Information
The vulnerability lies in "winproj.exe", which is used when processing a Project file. A maliciously crafted document may contain a list structure with a malformed element field, that when processed, will result in memory corruption and allow a remote attacker to arbitrarily execute code on the victims machine.
Acknowledgement
Bing Liu of Fortinet's FortiGuard Labs