Office v. X contains a network-aware anti-piracy mechanism that detects multiple copies of Office using the same product identifier
(PID) running on the local network. This feature, called the Network Product Identification (PID) Checker, announces Office's own unique product ID and listens for other announcements at regular intervals. If a duplicate PID is detected, Office shuts down.
A security vulnerability results because of a flaw in the Network
PID Checker. Specifically, the Network PID Checker doesn't correctly handle a particular type of malformed announcement - receiving one causes the Network PID Checker to fail. When the Network PID fails like this, the Office v. X application will fail as well. If more than one Office v. X application was running when the packet was received, the first application launched during the session would fail. An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data. An attacker could craft and send this packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines
|