English

Calendar Discussions Polls

RSS feeds Subscriptions Contacts

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Watch us on

Home→Descriptions→SA23205

Microsoft Word Malformed Data Structures Vulnerability

Secunia ID	SA23205
CVE-ID	CVE-2006-6456
Release Date	11 Dec 2006
Last Change	14 Feb 2007
Criticality	Extremely Critical
Solution Status	Vendor Patch
Software	Microsoft Office 2000 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2004 for Mac Microsoft Office Word Viewer 2003 Microsoft Office XP Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Works Suite 2004 Microsoft Works Suite 2005 Microsoft Works Suite 2006
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when processing data structures. This can be exploited to cause a memory corruption via specially crafted data structures in a Word document. NOTE: The vulnerability is already being actively exploited.
Solution	Apply patches. Microsoft Word 2000 (with Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=F1E61E6A-BE3D-4536-AF76-A11D5CE67199 Microsoft Word 2002 (with Office XP SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Word 2003 (with Office 2003 SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=882F8503-DA72-43C9-B556-A002EC58F289 Microsoft Word Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=FB59798B-AFE2-4103-9991-CBDD7686F9AD Microsoft Works Suite 2004: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Works Suite 2005: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Works Suite 2006: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/
Reported by	Reported as a 0-day. The vendor also credits Shih-hao Weng, Information and Communication Security Technology Center.
Original Advisory	MS07-014 (KB929434): http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx Microsoft: http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx