SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Word Vendors:   Microsoft
Microsoft Word Unspecified Buffer Overflow in Processing Documents Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013684
SecurityTracker URL:  http://securitytracker.com/id/1013684
CVE Reference:   CVE-2005-0558   (Links to External Site)
Updated:  Oct 4 2005
Original Entry Date:  Apr 12 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000, 2002, 2003
Description:   A vulnerability was reported in Microsoft Word. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted document that, when opened by the target user, will trigger a buffer overflow in Word and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

No further details were provided.

The vendor credits Alex Li with reporting this vulnerability.

Impact:   A remote user can create a specially crafted document that, when loaded by the target user, will execute arbitrary code with the privileges of the target user.
Solution:   The vendor has issued the following fixes:

Microsoft Word 2000 and Microsoft Works Suite 2001:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9F4B6868-2F94-478F-B0BC-0DA3E0571523

Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004:

http://www.microsoft.com/downloads/details.aspx?FamilyId=34998255-E004-4A29-9418-35C5818E54CB

Microsoft Office Word 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9158279D-4421-4932-9318-02CA829A9B43

Microsoft Word 2003 Viewer:

http://www.microsoft.com/downloads/details.aspx?familyid=95E24C87-8732-48D5-8689-AB826E7B8FDF&displaylang=en

A restart is not required.

A fix is also included as part of Microsoft Office 2003 SP2, available at:

http://www.microsoft.com/downloads/details.aspx?FamilyId=57E27A97-2DB6-4654-9DB6-EC7D5B4DD867&displaylang=en

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-023.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC