Microsoft Office PNG File Handling Buffer Overflow

Added: 06/18/2013
CVE: CVE-2013-1331
BID: 60408
OSVDB: 94127


Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations.


An error in Microsoft Office 2003 SP3 for Windows when processing PNG files can be exploited to cause a buffer overflow via a specially crafted file. A remote attacker who persuades the user to open the crafted DOC file could execute arbitrary code in the context of the user running Microsoft Office.


Apply the patch referenced in Microsoft Security Bulletin 13-051.



This exploit has been tested against Microsoft Office 2003 SP3 on Windows XP SP3 English (DEP OptIn).

The user must save both the DOC and PNG files in the same folder, open the DOC file in the vulnerable Microsoft Office application, and press Alt+F9 to trigger the vulnerability.


Windows XP

Back to exploit index