Added: 06/18/2013
CVE: CVE-2013-1331
BID: 60408
OSVDB: 94127
Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations.
An error in Microsoft Office 2003 SP3 for Windows when processing **PNG**
files can be exploited to cause a buffer overflow via a specially crafted file. A remote attacker who persuades the user to open the crafted **DOC**
file could execute arbitrary code in the context of the user running Microsoft Office.
Apply the patch referenced in Microsoft Security Bulletin 13-051.
<http://technet.microsoft.com/en-us/security/bulletin/ms13-051>
<http://secunia.com/advisories/53747/>
This exploit has been tested against Microsoft Office 2003 SP3 on Windows XP SP3 English (DEP OptIn).
The user must save both the **DOC**
and **PNG**
files in the same folder, open the **DOC**
file in the vulnerable Microsoft Office application, and press Alt+F9 to trigger the vulnerability.
Windows XP