• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Office XP/Internet Explorer OWC File Creation Vulnerability

Severity: HIGH

Description:

A reliable source has announced a vulnerability affecting users of Microsoft Internet Explorer and Microsoft Office XP.

The vulnerability is related to Office Web Components (OWC), a set of plugins for MSIE that have been taken off of Microsoft's website for security reasons.

As described in Bugtraq ID 4398, it is possible to use the Microsoft spreadsheet component Host() function to create files on a client system. While this issue was addressed in a vendor-supplied fix, it is still possible to abuse this functionality via Internet Explorer. In this specific instance, it is possible to abuse OWC in combination with a malicious .xls or .xla file to cause an almost arbitrary file to be written to a client system.

This issue affects systems that still have OWC installed and may be exploited from a malicious webpage.

Affected Products:

• Microsoft Back Office Server 2000 0.0.0
• Microsoft BizTalk Server 2000 Developer Edition
• Microsoft BizTalk Server 2000 Developer Edition 0.0.0 SP1a
• Microsoft BizTalk Server 2000 Developer Edition 0.0.0 SP2
• Microsoft BizTalk Server 2000 Enterprise Edition
• Microsoft BizTalk Server 2000 Enterprise Edition 0.0.0 SP1a
• Microsoft BizTalk Server 2000 Enterprise Edition 0.0.0 SP2
• Microsoft BizTalk Server 2000 Standard Edition
• Microsoft BizTalk Server 2000 Standard Edition 0.0.0 SP1a
• Microsoft BizTalk Server 2000 Standard Edition 0.0.0 SP2
• Microsoft BizTalk Server 2002 Developer Edition
• Microsoft BizTalk Server 2002 Enterprise Edition
• Microsoft Commerce Server 2000 0.0.0
• Microsoft Commerce Server 2000 0.0.0 SP1
• Microsoft Commerce Server 2000 0.0.0 SP2
• Microsoft Commerce Server 2002 0.0.0
• Microsoft ISA Server 2000 0.0.0
• Microsoft ISA Server 2000 0.0.0SP1
• Microsoft Internet Explorer 6.0
• Microsoft Money 2002 0.0.0
• Microsoft Money 2003 0.0.0
• Microsoft Office 2000
• Microsoft Office 2000 SP1
• Microsoft Office 2000 SP2
• Microsoft Office Web Components 2000 0.0.0
• Microsoft Office Web Components 2002 0.0.0
• Microsoft Office XP
• Microsoft Project 2002
• Microsoft Project Server 2002 0.0.0
• Microsoft Small Business Server 2000 0.0.0
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows XP Home
• Microsoft Windows XP Professional

References:

• Georgi Guninski: IE and .xla leads to problems

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.