Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: MS06-039: vulnerabilities in Microsoft Office GIF and PNG parsers - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-039: vulnerabilities in Microsoft Office GIF and PNG parsers
This patch fixes two vulnerabilities in all Microsoft Office products (Office 2000, XP, 2003 are affected, as well as Project 2000, 2002 and Microsoft Works 2004, 2005, 2006). Microsoft Office for Mac is not affected.

The vulnerabilities can be exploited by crafting a special GIF or PNG graphic files. In both cases the user needs to open the file so, while this vulnerability can not be exploited automatically through e-mail, it is still very easy to get user into opening a file.
It is worth mentioning that, when the file is hosted on a web site, Office 2000 does not prompt the user before opening the document (which means that it's enough for a user to click on a link leading to the file).

As the only workarounds are not to open or save files "you receive from un-trusted sources or that you received unexpectedly from trusted sources" you should patch as soon as possible.

MS advisory is at

CVEs are at and

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Pen Test Hackfest Europe 2022 - Berlin


403 Posts
ISC Handler
Jul 11th 2006

Sign Up for Free or Log In to start participating in the conversation!