A well-known security researcher has released an advisory about–and exploit code for–two new unpatched flaws in portions of Microsoft Corp.s Office XP application suite.
The two bugs are closely related and, if used in concert, could enable an attacker to gain complete control over a vulnerable machine.
The first vulnerability is a problem with the way that Outlook 2002 handles active content objects that are embedded in HTML mail messages. If a user replies to or forwards a message with such an object in it, the active content would automatically execute on the users machine, according to an advisory released Sunday by Georgi Guninski, a Bulgarian security consultant famous for finding dozens of vulnerabilities in Microsoft products over the past several years.
The second flaw is a problem with the Host () function of the spreadsheet component in Office XP. The vulnerability allows users to create files with arbitrary names, regardless of their content. An attacker using the Outlook 2002 flaw in conjunction with this vulnerability may be able to place an executable file on the users machine, which could give him control over the PC.
Guninski said in his advisory that on March 17 he notified Microsoft, of Redmond, Wash., of the vulnerabilities. He decided to release his advisory after the company failed to produce a patch after two weeks. Microsoft security officials in the past have criticized Guninski for going public too quickly with his findings and for over-hyping problems that they dont feel warrant much attention.
Last week, Guninski released information on another Microsoft vulnerability, this one in Internet Explorer. The flaw involves a problem in the way that the OLE DB Web publishing tool interacts with IIS 5.0 and Exchange 2000, and in specific circumstances could allow an attacker to see the IIS directories of arbitrary Web servers.
Guninski posted his advisory, complete with a sample exploit, to the Bugtraq mailing list, and it also appeared on at least one other list over the weekend.
Related stories:
- IEs Handling of Cookies Flawed
- Microsoft Patches Critical Flaws