Home→Descriptions→SA30143
| Secunia ID | |
| CVE-ID | |
| Release Date | 13 May 2008 |
| Last Change | 14 May 2008 |
| Criticality | |
| Solution Status | Vendor Patch |
| Software | Microsoft Office 2000 |
| Where | |
| Impact | System access. This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description | Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. 1) An error when parsing objects in rich text format (.rtf) files can be exploited to cause a heap-based buffer overflow, e.g. when a user opens a specially crafted .rtf file containing malformed strings with Word or previews a specially crafted e-mail containing malformed strings as rich text or HTML. 2) An error exists in the processing of cascading style sheets (CSS) values and can be exploited to corrupt memory when a specially crafted HTML file is opened using Word. Successful exploitation may allow execution of arbitrary code. |
| Solution | Apply updates for the following products: Microsoft Office 2000 SP3; Microsoft Office XP SP3; Microsoft Office 2003 SP2/SP3; 2007 Microsoft Office System (optionally with SP1); Microsoft Word Viewer 2003 (optionally with SP3); Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (optionally with SP1); Microsoft Office 2004 for Mac; Microsoft Office 2008 for Mac. |
| Reported by | 1) wushi, team509 via Zero Day Initiative (ZDI). |
| Original Advisory | MS08-026; iDefense Labs |