Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:WORD-FONT |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Microsoft Word Font Parsing Buffer Overflow |
Release Date |
2010/10/04 |
Update Number |
1784 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Word Font Parsing Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft Word. An attacker can create a malicious Web site with Web pages containing dangerous Word files, which if accessed by a victim, allows the attacker gain control of the victim's computer.
Extended Description
Microsoft Word is affected by a remote buffer overflow vulnerability. This vulnerability presents itself when a .doc file contains specific malformed input. Upon attempting to read the malformed .doc file, the affected application fails to properly validate data within the file. This may result in the attacker being able to control the flow of program execution. Attackers may exploit this vulnerability to execute arbitrary code in the context of the victim user attempting to access the malformed Word file.
Affected Products
- Microsoft office_2000 SP1
- Microsoft office_2000 SP2
- Microsoft office_2000 SP3
- Microsoft office_2000
- Microsoft office_xp SP1
- Microsoft office_xp SP2
- Microsoft office_xp SP3
- Microsoft office_xp
- Microsoft word_2000 SP2
- Microsoft word_2000 SP3
- Microsoft word_2000 SR1
- Microsoft word_2000 Sr1a
- Microsoft word_2000
- Microsoft word_2002 SP1
- Microsoft word_2002 SP2
- Microsoft word_2002 SP3
- Microsoft word_2002
- Microsoft works_2000
- Microsoft works_suite_2001
- Microsoft works_suite_2002
- Microsoft works_suite_2003
- Microsoft works_suite_2004
References
- BugTraq: 14216
- CVE: CVE-2005-0564
- CVE: CVE-2005-1191