Check Point Advisories

Preemptive Protection against Microsoft Office BMP Integer Overflow Vulnerability (MS09-062)

Check Point Reference: CPAI-2009-208
Date Published: 13 Oct 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Microsoft Security Bulletin MS09-062
Industry Reference: CVE-2009-2518
Protection Provided by:
Who is Vulnerable?: Microsoft Office XP SP3
Vulnerability Description: A remote code execution vulnerability has been discovered in the way that Microsoft Office handles specially crafted Office documents containing BMP images. BMP is an image file format used to store bitmap digital images. A remote attacker could exploit this issue via a malformed BMP file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system.
Update/Patch Available: Apply patches:
Microsoft Security Bulletin MS09-062
Vulnerability Details: The vulnerability is due to an error in GDI+ that fails to properly parse BMP files with malformed headers. A remote attacker could trigger this flaw by convincing a victim to open an Office file that contains a specially crafted BMP file. Successful exploitation of this issue may allow the attacker to take complete control of the affected system.
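The advisory does not say which BMP header field is mishandled, so the following added example (not Check Point or Microsoft code) shows the general class of check a parser or file-inspection gateway applies to BMP headers: size arithmetic done in 64 bits and rejected if a 32-bit calculation would have wrapped. It assumes an uncompressed (BI_RGB) bitmap with a BITMAPINFOHEADER of 40 bytes or more; `bmp_validate` and `check_sample` are hypothetical names, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef enum { BMP_OK, BMP_TRUNCATED, BMP_BAD_HEADER, BMP_BAD_DIMENSIONS,
               BMP_OVERFLOW, BMP_SIZE_MISMATCH } bmp_status;

static uint32_t rd32(const uint8_t *p) {            /* little-endian read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {          /* little-endian write */
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate an uncompressed (BI_RGB) BMP before any buffer is sized from it. */
bmp_status bmp_validate(const uint8_t *buf, size_t len) {
    if (len < 54) return BMP_TRUNCATED;   /* 14-byte file header + 40-byte info header */
    uint32_t off_bits = rd32(buf + 10), hdr_size = rd32(buf + 14);
    int64_t width = (int32_t)rd32(buf + 18), height = (int32_t)rd32(buf + 22);
    uint32_t bpp = buf[28] | (uint32_t)buf[29] << 8, compression = rd32(buf + 30);
    if (buf[0] != 'B' || buf[1] != 'M' || hdr_size < 40 || compression != 0 ||
        off_bits < 14 + (uint64_t)hdr_size || off_bits > len)
        return BMP_BAD_HEADER;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return BMP_BAD_HEADER;
    if (width <= 0 || height == 0) return BMP_BAD_DIMENSIONS;
    if (height < 0) height = -height;     /* top-down bitmap; negation is safe in 64 bits */
    /* width < 2^31, bpp <= 32, height <= 2^31, so these 64-bit products cannot wrap. */
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4;  /* rows pad to 4 bytes */
    uint64_t total = stride * (uint64_t)height;
    if (total > UINT32_MAX) return BMP_OVERFLOW;   /* a 32-bit size would have wrapped */
    if (total > len - off_bits) return BMP_SIZE_MISMATCH;
    return BMP_OK;
}

/* Constructed sample input: a 54-byte header followed by data_len zero bytes. */
bmp_status check_sample(int32_t w, int32_t h, uint16_t bpp, size_t data_len) {
    static uint8_t buf[54 + 1024];
    if (data_len > 1024) data_len = 1024;
    memset(buf, 0, sizeof buf);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 10, 54); wr32(buf + 14, 40);        /* pixel offset, info header size */
    wr32(buf + 18, (uint32_t)w); wr32(buf + 22, (uint32_t)h);
    buf[26] = 1; buf[28] = (uint8_t)bpp;           /* planes = 1, bits per pixel */
    return bmp_validate(buf, 54 + data_len);
}
```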

Protection Overview
