Microsoft Word Malformed Function Memory Corruption

Secunia ID	SA23950
CVE-ID	CVE-2007-0515
Release Date	26 Jan 2007
Last Change	13 Feb 2007
Criticality	Extremely Critical
Solution Status	Vendor Patch
Software	Microsoft Office 2000 Microsoft Office 2004 for Mac Microsoft Word 2000
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when parsing malformed functions. This can be exploited to corrupt memory via a specially crafted function in a Word document. Successful exploitation allows execution of arbitrary code. NOTE: The vulnerability is currently being actively exploited.
Solution	Apply patches. Microsoft Word 2000 (with Office 2000 SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=F1E61E6A-BE3D-4536-AF76-A11D5CE67199 Microsoft Office 2004 for Mac: http://www.microsoft.com/mac/
Reported by	Discovered as a 0-day.
Original Advisory	MS07-014 (KB929434): http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx Microsoft: http://www.microsoft.com/technet/security/advisory/932114.mspx http://blogs.technet.com/msrc/archive/2007/01/26/microsoft-security-advisory-932114-posted.aspx