Internet threat level: 1
Home→Descriptions→SA21735
Microsoft Word Code Execution Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
05 Sep 2006 |
| Last Change |
13 Oct 2006 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Microsoft Office 2000 |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Multiple vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. 1) An unspecified boundary error in WINWORD.EXE when processing Word documents can be exploited to cause a buffer overflow via a specially crafted document. NOTE: The vulnerability is being actively exploited. 2) An unspecified boundary error within the parsing of certain strings can be exploited to cause a buffer overflow via a specially crafted document. 3) An unspecified boundary error within the handling of mail merge files can be exploited to cause a buffer overflow via a specially crafted document. 4) An unspecified error within the parsing of certain strings can be exploited to execute arbitrary code via a specially crafted document. Successful exploitation of the vulnerabilities allows execution of arbitary code. |
| Solution |
Apply patches. Microsoft Office 2000 SP3 / Microsoft Word 2000: Microsoft Office XP SP3 / Microsoft Word 2002: Microsoft Office 2003 (SP1 or SP2) / Microsoft Office Word 2003 Microsoft Office Word 2003 Viewer: Microsoft Works Suites (2004/2005/2006): Microsoft Office 2004 for Mac: Microsoft Office v. X for Mac: |
| Reported by |
1) Discovered in the wild as a 0-day |
| Original Advisory |
MS06-060 (KB924554): Microsoft: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.