Signature Detail
Short Name |
HTTP:STC:DL:MSOFFICE-MSODLL-MC |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Office Word mso.dll LsCreateLine Memory Corruption |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.1+, isg-3.5.141421+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Office Word mso.dll LsCreateLine Memory Corruption
This signature detects attempts to exploit a known vulnerability against Microsoft Office Word. A successful attack can lead to memory corruption and arbitrary code execution.
Extended Description
Microsoft Office is reported prone to a potential code-execution vulnerability. This vulnerability occurs when the application handles a specially crafted document. A successful attack may result in a remote compromise in the context of an affected user. Attack attempts may result in a denial-of-service condition as well. Reports indicate that this issue can be triggered with a malicious Microsoft Word document; however, other Microsoft Office applications that employ the affected function are vulnerable as well.
Affected Products
- Microsoft Office 2000 SP1
- Microsoft Office 2000 SP2
- Microsoft Office 2000 SP3
- Microsoft Office 2000
- Microsoft Office 2003 SP1
- Microsoft Office 2003 SP2
- Microsoft Office 2003 SP3
- Microsoft Office 2003
- Microsoft Office XP SP1
- Microsoft Office XP SP2
- Microsoft Office XP SP3
- Microsoft Office XP
References
- BugTraq: 18905
- CVE: CVE-2006-3493