Signature Detail
Short Name |
HTTP:STC:DL:WORD-STRING |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Word Malformed String Memory Corruption |
Release Date |
2010/10/15 |
Update Number |
1794 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Word Malformed String Memory Corruption
This signature detects attempts to exploit a known vulnerability against Microsoft Word. A successful attack can lead to memory corruption and arbitrary code execution.
Extended Description
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. NOTE: Successful exploits of this issue may be hampered because Microsoft Office 2007 and Office 2003 SP3 will not open some older Office file formats, including Office for Macintosh documents. Exploits of this issue involve the Macintosh file format.
Affected Products
- Microsoft Word 2000 SP2
- Microsoft Word 2000 SP3
- Microsoft Word 2000 SR1
- Microsoft Word 2000 Sr1a
- Microsoft Word 2002 SP1
- Microsoft Word 2002 SP2
- Microsoft Word 2002 SP3
- Microsoft Word 2002
- Microsoft Word 2004 for Mac
References
- BugTraq: 25906
- CVE: CVE-2007-3899