U radu programskog paketa Microsoft Reader ustanovljeni su višestruki sigurnosni propusti. Riječ je o besplatnoj aplikaciji koja omogućava čitanje eKnjiga na operacijskim sustavima Windows. Propusti se javljaju u "msreader.exe" komponenti prilikom analize određenih sadržaja, a također se javlja i pogreška cjelobrojnog prepisivanja te nepravilne provjere ulaznih podataka. Iskorištavanje propusta može dovesti do prepisivanja na gomili putem zlonamjerno oblikovanih LIT ili AA datoteka. Napadaču propusti omogućuju izvršavanje zlonamjernog programskog koda. Zasad nije objavljena nadogradnja koja otklanja propust.
Secunia Advisory SA44121
Microsoft Reader Multiple Vulnerabilities
Secunia Advisory SA44121
Get alerted and manage the vulnerability life cycle
Free Trial
Release Date 2011-04-13
Popularity 56 views
Comments 0 comments
Criticality level Highly criticalHighly critical
Impact System access
Where From remote
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Unpatched
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Software:
Microsoft Reader 2.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) No CVE references.
Description
Luigi Auriemma has discovered multiple vulnerabilities in Microsoft Reader, which can be exploited by malicious people to compromise a user's system.
1) An error in msreader.exe when parsing certain eBook content can be exploited to cause a heap-based buffer overflow via a specially crafted LIT (".lit") file.
2) An integer underflow error in msreader.exe when parsing certain eBook content can be exploited to cause a heap-based buffer overflow via a specially crafted LIT (".lit") file.
3) An input validation error in aud_file.dll when processing certain Audible Audio content can be exploited to write a NULL byte to an arbitrary memory location via a specially crafted AA (".aa") file.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 2.1.1.3143. Other versions may also be affected.
Solution
Do not open files from untrusted sources.
Provided and/or discovered by
Luigi Auriemma
Original Advisory
http://aluigi.altervista.org/adv/msreader_2-adv.txt
http://aluigi.altervista.org/adv/msreader_3-adv.txt
http://aluigi.altervista.org/adv/msreader_5-adv.txt
Posljednje sigurnosne preporuke