Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:DL:WORD-RTF-MEM

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Word RTF File Handling Memory Corruption

Release Date

 2010/10/25

Update Number

 1798

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft Word RTF File Handling Memory Corruption


This signature detects attempts to exploit a known heap overflow vulnerability in the way Microsoft Word and Microsoft Outlook process Rich Text Format (RTF) files. It is due to an integer overflow while parsing Control Words inside a malicious RTF file. A remote attacker can exploit this by enticing the target user to open a crafted RTF file or an RTF formatted e-mail using the affected applications, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful attack, the behavior of the target depends on the intention of the attacker. In an unsuccessful code execution attack, the affected product terminates resulting in the loss of any unsaved data from the current session.

Extended Description

Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Affected Products

  • Microsoft office_2003 SP1
  • Microsoft office_2003 SP2
  • Microsoft office_2003 SP3
  • Microsoft office_2003
  • Microsoft office_2004_for_mac
  • Microsoft office_2007 SP1
  • Microsoft office_2007
  • Microsoft office_2008_for_mac
  • Microsoft office_compatibility_pack_2007 SP1
  • Microsoft office_compatibility_pack_2007
  • Microsoft office_xp SP1
  • Microsoft office_xp SP2
  • Microsoft office_xp SP3
  • Microsoft office_xp
  • Microsoft outlook_2007
  • Microsoft outlook_2007_sp1
  • Microsoft word_2000 SP2
  • Microsoft word_2000 SP3
  • Microsoft word_2000 SR1
  • Microsoft word_2000 Sr1a
  • Microsoft word_2000
  • Microsoft word_2002 SP1
  • Microsoft word_2002 SP2
  • Microsoft word_2002 SP3
  • Microsoft word_2002
  • Microsoft word_2003 SP1
  • Microsoft word_2003 SP2
  • Microsoft word_2003 SP3
  • Microsoft word_2003
  • Microsoft word_2007 SP1
  • Microsoft word_2007
  • Microsoft word_viewer_2003 SP3
  • Microsoft word_viewer_2003

References

  • BugTraq: 29104
  • CVE: CVE-2008-1091

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out