Signature Detail

HTTP: Microsoft Word dpcallout RTF Control Word Handling Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft Word products. It is due to an logic error when processing RTF documents that contain unexpected control words following a dpcallout control word. A remote attacker can exploit this by enticing the target user to open a crafted RTF file. A successful attack can lead to arbitrary code injection and execution within the security context of the currently logged on user. The behavior of the target depends on the intention of the attacker. In an unsuccessful attack, the affected product terminates resulting in the loss of any unsaved data from the current session.

Extended Description

Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Affected Products

• Microsoft office_2004_for_mac
• Microsoft office_2008_for_mac
• Microsoft office_compatibility_pack_2007 SP1
• Microsoft office_compatibility_pack_2007
• Microsoft open_xml_file_format_converter_for_mac
• Microsoft outlook_2007
• Microsoft outlook_2007_sp1
• Microsoft word_2000 SP2
• Microsoft word_2000 SP3
• Microsoft word_2000 SR1
• Microsoft word_2000
• Microsoft word_2002 SP1
• Microsoft word_2002 SP2
• Microsoft word_2002 SP3
• Microsoft word_2002
• Microsoft word_2003 SP1
• Microsoft word_2003 SP2
• Microsoft word_2003 SP3
• Microsoft word_2003
• Microsoft word_2007 SP1
• Microsoft word_2007
• Microsoft word_viewer
• Microsoft word_viewer_2003 SP3

References

• BugTraq: 32585
• CVE: CVE-2008-4028