Critical fixes arrived for Microsoft applications in the August edition of their Patch Tuesday round of updates, including corrections for overflow vulnerabilities in image file formats in Microsoft Office. Microsoft Patches Fix Image Vulnerabilities Specially crafted files in one of several image formats could have posed remote code execution threats in Microsoft Office, the company said in one of its bulletins for August . Office 2000 was rated Critical as to its vulnerability to this; later versions of Office XP and 2003 only listed the problem as Important. "The security update addresses the vulnerabilities by modifying the way that Microsoft Office parses the length of a file before passing the file to the allocated buffer," Microsoft said of the patch, which they recommend for immediate application. Internet Explorer versions 5.01, 6 and 7 picked up fixes for five problems reported privately to the company. The update also closed a publicly disclosed flaw, one of the HTML objects memory corruption vulnerabilities Microsoft fixed in this round. A problem with the Microsoft Access report snapshot viewer received public attention in July, but no fix until this month . Someone visiting a webpage crafted to exploit the vulnerable ActiveX control involved could see arbitrary code execute on the system, with the local user's rights. Be wary of eMule : We heard from someone who said the hacker called shad0w managed to find an opening in ...
Anytime
Critical fixes arrived for Microsoft applications in the August edition of their Patch Tuesday round of updates, including corrections for overflow vulnerabilities in image file formats in Microsoft Office. Microsoft Patches Fix Image Vulnerabilities Specially crafted files in one of several image formats could have posed remote code execution threats in Microsoft Office, the company said in one of its bulletins for August . Office 2000 was rated Critical as to its vulnerability to this; later versions of Office XP and 2003 only listed the problem as Important. "The security update addresses the vulnerabilities by modifying the way that Microsoft Office parses the length of a file before passing the file to the allocated buffer," Microsoft said of the patch, which they recommend for immediate application. Internet Explorer versions 5.01, 6 and 7 picked up fixes for five problems reported privately to the company. The update also closed a publicly disclosed flaw, one of the HTML objects memory corruption vulnerabilities Microsoft fixed in this round. A problem with the Microsoft Access report snapshot viewer received public attention in July, but no fix until this month . Someone visiting a webpage crafted to exploit the vulnerable ActiveX control involved could see arbitrary code execute on the system, with the local user's rights. Be wary of eMule : We heard from someone who said the hacker called shad0w managed to find an opening in ...