Signature Detail

HTTP: Microsoft Word RTF Stylesheet Control Word Memory Corruption

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Word products. It is due to an index error when processing RTF documents that contain more than six \stylesheet control words. A remote attacker can exploit this by enticing the target user to open a crafted RTF file. A successful attack, can lead to arbitrary code execution within the security context of the currently logged on user. In a successful code injection and execution attack, the behavior of the target depends on the intention of the attacker and is executed within the security context of the currently logged in user. In an unsuccessful code execution attack, the affected product terminates resulting in the loss of any unsaved data from the current session.

Extended Description

Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Affected Products

• Microsoft Office 2004 for Mac
• Microsoft Office 2008 for Mac
• Microsoft Office Compatibility Pack 2007 SP1
• Microsoft Office Compatibility Pack 2007
• Microsoft Outlook 2007
• Microsoft Outlook 2007 SP1
• Microsoft Word 2000 SP2
• Microsoft Word 2000 SP3
• Microsoft Word 2000 SR1
• Microsoft Word 2000
• Microsoft Word 2002 SP1
• Microsoft Word 2002 SP2
• Microsoft Word 2002 SP3
• Microsoft Word 2002
• Microsoft Word 2003 SP1
• Microsoft Word 2003 SP2
• Microsoft Word 2003 SP3
• Microsoft Word 2007 SP1
• Microsoft Word 2007
• Microsoft Word Viewer
• Microsoft Word Viewer 2003 SP3

References

• BugTraq: 32594
• CVE: CVE-2008-4031