Signature Detail

HTTP: Microsoft Office Word File FIB Processing Memory Corruption

A code execution vulnerability has been reported in Microsoft Office Word. The flaw is due to the way the affected product processes specially crafted Word files. A remote attacker can exploit this vulnerability by enticing a target user to open a Word file with a malicious record. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. The behaviour of the target host is entirely dependent on the intended function of the injected code. An unsuccessful exploit attempt may terminate the affected application abnormally.

Extended Description

Microsoft Word is prone to a remote stack-buffer overflow vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Word ('.doc') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

Affected Products

• Microsoft Office 2004 for Mac
• Microsoft Office 2008 for Mac
• Microsoft Open XML File Format Converter for Mac
• Microsoft Word 2002 SP3
• Microsoft Word 2003 SP3
• Microsoft Word Viewer
• Microsoft Word Viewer 2003 SP3

References

• BugTraq: 36950
• CVE: CVE-2009-3135