Fortinet Discovers Microsoft Office Project Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered memory corruption vulnerability in Microsoft Office Project.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jul 17, 2009
Use the solution provided by Microsoft.
The vulnerability lies in "winproj.exe", which is used when processing a Project file. A maliciously crafted document may contain a list structure with a malformed element field, that when processed, will result in memory corruption and allow a remote attacker to arbitrarily execute code on the victims machine.
Bing Liu of Fortinet's FortiGuard Labs