| Secunia ID | SA30285 |
| CVE-ID |
CVE-2008-4024, CVE-2008-4025, CVE-2008-4026, CVE-2008-4027, CVE-2008-4028, CVE-2008-4030, CVE-2008-4031, CVE-2008-4837 |
| Release Date |
09 Dec 2008 |
| Last Change |
14 Jan 2009 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Microsoft Office 2000 |
| Where | |
| Impact |
System access. This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Multiple vulnerabilities have been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system.
1) An error when processing List File Override (LFO) entries can be exploited to corrupt memory via a specially crafted Word file.
2) An integer overflow error exists when calculating the space required for the specified number of points in a polyline or polygon. This can be exploited to cause a heap-based buffer overflow during parsing of objects in Rich Text Format (.rtf) files, e.g. when a user opens a specially crafted .rtf file with Word or previews a specially crafted e-mail.
3) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file.
4) An error exists when processing consecutive "\do" drawing object tags encountered in RTF documents. This can be exploited to free a heap buffer twice and corrupt memory.
5) An error when processing mismatched "\dpgroup" and "\dpendgroup" control words can be exploited to cause a buffer overflow via an RTF document containing an overly large number of "\dpendgroup" tags.
6) A boundary error when parsing RTF documents containing multiple drawing object tags can be exploited to cause a heap-based buffer overflow.
7) A boundary error when processing RTF documents can be exploited to overflow a static buffer via a document containing an overly large number of "\stylesheet" control words.
8) An error when processing a malformed table property can be exploited to cause a stack-based buffer overflow via a specially crafted Word document.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code. |
| Solution |
Apply patches.
Microsoft Office Word 2000 SP3
Microsoft Office Word 2002 SP3
Microsoft Office Word 2003 SP3
Microsoft Office Word 2007
Microsoft Office Outlook 2007
Microsoft Office Word 2007 SP1
Microsoft Office Outlook 2007 SP1
Microsoft Office Word Viewer 2003
Microsoft Office Word Viewer 2003 SP3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1
Microsoft Works 8 (requires update to Works 8.5)
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Word Viewer |
| Reported by |
1) The vendor credits Ricardo Narvaja, Core Security Technologies. |
| Original Advisory |
MS08-072 (KB957173)
Secunia Research
ZDI
TippingPoint DVLabs
Core Security Technologies |
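
A triage check for the RTF patterns in items 5 and 7 of the description, added here as an example and not taken from the advisory or the vendor: it tokenizes RTF text, tracks "\dpgroup"/"\dpendgroup" balance and counts "\stylesheet" control words. The function names, finding labels, the one-stylesheet limit and both sample documents are assumptions constructed for illustration.

```python
import re

# One RTF token: a control word with optional numeric parameter, or a control
# symbol such as \\ \{ \} (consumed whole so "\\dpgroup" is not miscounted).
TOKEN = re.compile(r"\\(?:([A-Za-z]+)(-?\d+)? ?|(.))", re.DOTALL)
WATCHED = ("dpgroup", "dpendgroup", "stylesheet")
MAX_STYLESHEETS = 1  # assumption: a well-formed header has one \stylesheet group

def scan_rtf(text):
    """Return (counts, final_depth, lowest_depth) for drawing-object groups.

    `text` is the file decoded as latin-1, so one character is one byte.
    """
    counts = dict.fromkeys(WATCHED, 0)
    depth = lowest = pos = 0
    while (m := TOKEN.search(text, pos)) is not None:
        pos = m.end()
        word, param = m.group(1), m.group(2)
        if word == "bin" and param and int(param) > 0:
            pos += int(param)  # raw binary payload follows; it is not RTF text
        elif word in counts:
            counts[word] += 1
            if word == "dpgroup":
                depth += 1
            elif word == "dpendgroup":
                depth -= 1
                lowest = min(lowest, depth)
    return counts, depth, lowest

def findings(text):
    """Map the scan result to labels for items 5 and 7 of the description."""
    counts, depth, lowest = scan_rtf(text)
    out = []
    if lowest < 0:
        out.append("dpendgroup-without-dpgroup")  # item 5: mismatched tags
    if depth > 0:
        out.append("dpgroup-not-closed")
    if counts["stylesheet"] > MAX_STYLESHEETS:
        out.append("repeated-stylesheet")  # item 7: many \stylesheet words
    return out

# Constructed sample documents, not taken from any real file.
BENIGN = r"{\rtf1\ansi{\stylesheet{\s0 Normal;}}{\do\dobxpage\dpgroup\dpline\dpendgroup}}"
ODD = r"{\rtf1{\stylesheet{\s0 a;}}{\stylesheet{\s1 b;}}{\do\dpendgroup\dpendgroup\dpgroup \\dpgroup}}"

if __name__ == "__main__":
    for name, doc in (("BENIGN", BENIGN), ("ODD", ODD)):
        print(name, findings(doc))
```

A finding marks a file for closer inspection on an unpatched installation; it does not confirm that the file triggers any of the listed vulnerabilities.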