Signature Detail
Short Name |
HTTP:STC:DL:MS-WORD-BULLET |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Word Bulleted List Handling Memory Corruption |
Release Date |
2012/12/03 |
Update Number |
2207 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Word Bulleted List Handling Memory Corruption
This signature detects attempts to exploit a known vulnerability against Microsoft Word. A successful attack can lead to arbitrary code execution.
Extended Description
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
Affected Products
- microsoft office_word 2000 (sp3)
- microsoft office_word 2002 (sp3)
- microsoft windows 2000 (sp4)
- microsoft windows_server 2003 (sp1)
- microsoft windows_server 2003 (sp2)
- microsoft windows_srv 2003 (-)
- microsoft windows_srv 2003 (sp1)
- microsoft windows_srv 2003 (sp1:itanium)
- microsoft windows_srv 2003 (sp2)
- microsoft windows_srv 2003 (sp2:itanium)
- microsoft windows_srv 2003 (sp2:x64)
- microsoft windows_srv 2003 (-:x64)
- microsoft windows_xp (:pro_x64)
- microsoft windows_xp (sp2)
- microsoft windows_xp (sp2:pro_x64)
- microsoft windows_xp (sp3)
References
- BugTraq: 29769
- CVE: CVE-2009-0087