SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Word Vendors:   Microsoft
Microsoft Word Buffer Overflows Let Remote USers Execute Arbitrary Code
SecurityTracker Alert ID:  1022356
SecurityTracker URL:  http://securitytracker.com/id/1022356
CVE Reference:   CVE-2009-0563, CVE-2009-0565   (Links to External Site)
Date:  Jun 9 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000 SP3, XP SP3, 2003 SP3, 2007 Microsoft Office System Service Pack 2, 2004 for Mac, 2008 for Mac, Open XML File Format Converter for Mac; and prior service packs
Description:   Two vulnerabilities were reported in Microsoft Word. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a Word file that contains a specially crafted record that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Wushi of team509 (via TippingPoint) and Nicolas Joly of VUPEN Security reported these vulnerabilities.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Office 2000 Service Pack 3, Microsoft Office Word 2000 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=3663e9f2-a952-4238-b902-90b5b09feb38

Microsoft Office XP Service Pack 3, Microsoft Office Word 2002 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=f1323be1-15f2-491b-abae-c03ba1394398

Microsoft Office 2003 Service Pack 3, Microsoft Office Word 2003 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=7cbc2587-2c8c-49b4-9f40-e4cdccb61ecd

2007 Microsoft Office System Service Pack 1, Microsoft Office Word 2007 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=7e205108-4c28-4cab-a4d0-4ed3fd696473

2007 Microsoft Office System Service Pack 2, Microsoft Office Word 2007 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7e205108-4c28-4cab-a4d0-4ed3fd696473

Microsoft Office 2004 for Mac:

http://www.microsoft.com/downloads/details.aspx?familyid=5557bfb7-ebb4-4c42-8042-41e830c4e550

Microsoft Office 2008 for Mac:

http://www.microsoft.com/downloads/details.aspx?familyid=58326da2-eb75-4b42-b1bc-e70319defb58

Open XML File Format Converter for Mac:

http://www.microsoft.com/downloads/details.aspx?familyid=9d6d9eaa-8442-4184-8886-faab2803bde6

Microsoft Office Word Viewer 2003 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=82980a40-f10c-4f02-b06c-3a12d4434a6b

Microsoft Office Word Viewer:

http://www.microsoft.com/downloads/details.aspx?familyid=82980a40-f10c-4f02-b06c-3a12d4434a6b

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=63bd8f14-e736-46ce-af66-d30f17461e5a

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=63bd8f14-e736-46ce-af66-d30f17461e5a

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-027.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-027.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC