Signature Detail

HTTP: Microsoft Office Word File FIB Processing Memory Corruption

A code execution vulnerability has been reported in Microsoft Office Word. The flaw is due to the way the affected product processes specially crafted Word files. A remote attacker can exploit this vulnerability by enticing a target user to open a Word file with a malicious record. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. The behaviour of the target host is entirely dependent on the intended function of the injected code. An unsuccessful exploit attempt may terminate the affected application abnormally.

Extended Description

Microsoft Word is prone to a remote stack-buffer overflow vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Word ('.doc') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

Affected Products

• Microsoft office_2004_for_mac
• Microsoft office_2008_for_mac
• Microsoft open_xml_file_format_converter_for_mac
• Microsoft word_2002 SP3
• Microsoft word_2003 SP3
• Microsoft word_viewer
• Microsoft word_viewer_2003 SP3

References

• BugTraq: 36950
• CVE: CVE-2009-3135