Signature Detail

HTTP: Microsoft Word Documents Memory Corruption

This signature detects attempts to exploit a known vulnerability agains Microsoft Word file format document parser. A successful attack can lead to arbitrary remote code execution within the context of the user.

Extended Description

Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user. Note that this issue is distinct from issues described in BID 21451 (Microsoft Word Malformed String Arbitrary Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).

Affected Products

• Microsoft office_2000 SP1
• Microsoft office_2000 SP2
• Microsoft office_2000 SP3
• Microsoft office_2000
• Microsoft office_2000_chinese_version
• Microsoft office_2000_japanese_version
• Microsoft office_2000_korean_version
• Microsoft office_2002
• Microsoft office_2003 SP1
• Microsoft office_2003 SP2
• Microsoft office_2003 SP3
• Microsoft office_2003
• Microsoft office_2004_for_mac
• Microsoft office_xp SP1
• Microsoft office_xp SP2
• Microsoft office_xp SP3
• Microsoft office_xp
• Microsoft office_xp_developer_edition
• Microsoft word_2000 SP2
• Microsoft word_2000 SP3
• Microsoft word_2000 SR1
• Microsoft word_2000 Sr1a
• Microsoft word_2000
• Microsoft word_2000_chinese_version
• Microsoft word_2000_japanese_version
• Microsoft word_2000_korean_version
• Microsoft word_2002 SP1
• Microsoft word_2002 SP2
• Microsoft word_2002 SP3
• Microsoft word_2002
• Microsoft word_2003
• Microsoft word_2004_for_mac
• Microsoft word_viewer_2003
• Microsoft word_x_for_mac
• Microsoft works_suite_2004
• Microsoft works_suite_2005
• Microsoft works_suite_2006

References

• BugTraq: 19414
• BugTraq: 21589
• CVE: CVE-2006-3649
• CVE: CVE-2006-6561