{"vuid":"VU#668564","idnumber":"668564","name":"Microsoft Office fails to properly handle GIF images","keywords":["Microsoft Office","remote code execution","GIF file","ms06-jul"],"overview":"Microsoft Office applications fail to properly handle GIF images. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Microsoft Office applications fail to properly parse GIF images. When an Office document containing a malformed GIF image is opened with an Office application, system memory can be corrupted in a way that may allow an attacker to execute arbitrary code. More information, including a list of affected Office applications, is available in Microsoft Security Bulletin MS06-039.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code.","resolution":"Apply a patch from your vendor \nMicrosoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin  MS06-039.","workarounds":"Do not access Office documents from untrusted sources By only accessing Office documents, such as spreadsheets or Microsoft Word documents, from trusted or known sources, the chances of exploitation are reduced.","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin \nMS06-039\n. Microsoft credits \nthe NSFocus Security Team with providing information regarding this vulnerability.","author":"This document was written by Jeff Gennari.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","6","-","0","3","9",".","m","s","p","x"],"cveids":["CVE-2006-0007"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-07-11T18:43:43Z","publicdate":"2006-07-11T00:00:00Z","datefirstpublished":"2006-07-11T20:33:03Z","dateupdated":"2006-07-11T21:07:49Z","revision":9,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"2","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"17.634375","cam_scorecurrentwidelyknown":"21.6421875","cam_scorecurrentwidelyknownexploited":"36.0703125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.634375,"vulnote":null}