July 25, 2014

Vulnerabilities: Microsoft Office TIFF Image Converter

Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user’s system.

An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image.

Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a
specially crafted TIFF image.

According to Secunia research, the successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

Microsoft Office XP SP3, Microsoft Office Converter Pack and Microsoft Works 9 are affected software but other versions may also be affected.

These two vulnerabilities rated critical and Microsoft has released a security patch (MS10-105) to fix the issues.

Source:[http://secunia.com/secunia_research/2009-30/]