English

Calendar Discussions Polls

RSS feeds Subscriptions Contacts

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Watch us on

Home→Descriptions→SA23232

Microsoft Word Multiple Memory Corruption Vulnerabilities

Secunia ID	SA23232
CVE-ID	CVE-2006-5994, CVE-2006-6561, CVE-2007-0208, CVE-2007-0209
Release Date	06 Dec 2006
Last Change	13 Feb 2007
Criticality	Extremely Critical
Solution Status	Vendor Patch
Software	Microsoft Office 2000 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2004 for Mac Microsoft Office Word Viewer 2003 Microsoft Office XP Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Works Suite 2004 Microsoft Works Suite 2005 Microsoft Works Suite 2006
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Some vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error in the handling of certain strings in Word documents can be exploited to cause a memory corruption via a specially crafted string. NOTE: According to Microsoft, this vulnerability is already being actively exploited on a limited scale. 2) An error within the processing of counts in Word documents can be exploited to somewhat control the destination address of a memmove() call by manipulating a certain DWORD in the document used for calculating the destination address. 3) An error within the handling of macros in Word documents can be exploited to automatically execute a macro by manipulating certain properties in a Word document. 4) An error within the processing of drawing objects can be exploited to cause a memory corruption via a Word document containing a specially crafted drawing object. Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Solution	Apply patches. Microsoft Word 2000 (with Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=F1E61E6A-BE3D-4536-AF76-A11D5CE67199 Microsoft Word 2002 (with Office XP SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Word 2003 (with Office 2003 SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=882F8503-DA72-43C9-B556-A002EC58F289 Microsoft Word Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=FB59798B-AFE2-4103-9991-CBDD7686F9AD Microsoft Works Suite 2004: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Works Suite 2005: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Works Suite 2006: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/
Reported by	1) Discovered as a 0-day. 2) disco 3) The vendor credits USAA. 4) Reported by the vendor.
Original Advisory	MS07-014 (KB929434): http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx Microsoft: http://www.microsoft.com/technet/security/advisory/929433.mspx http://blogs.technet.com/msrc/archive/2006/12/06/microsoft-security-advisory-929433-posted.aspx http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx milw0rm: http://milw0rm.com/exploits/2922