Internet threat level: 1
Home→Descriptions→SA24122
Microsoft Word Three Code Execution Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
15 Feb 2007 |
| Last Change |
09 May 2007 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Microsoft Office 2000 |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Some vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error within the handling of data in arrays can be exploited via a specially crafted Word document. 2) An unspecified error when handling objects in Word Document streams can be exploited to cause memory corruption via a specially crafted Word document. NOTE: This vulnerability is currently being actively exploited. 3) An unspecified error when processing certain rich text (RTF) properties can be exploited to cause memory corruption via a specially crafted file. Successful exploitation of the vulnerabilities allows execution of arbitrary code. |
| Solution |
Apply patches. Microsoft Word 2000 (Office SP3): Microsoft Word 2002 (Office SP3) Microsoft Word 2003 (Office SP2): Microsoft Word Viewer 2003: Microsoft Office 2004 for Mac: Microsoft Works Suite 2004: Microsoft Works Suite 2005: Microsoft Works Suite 2006: |
| Reported by |
1) Reported by the vendor. |
| Original Advisory |
MS07-024 (KB934232): Microsoft: iDefense Labs: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.