Arbitrary code execution in Microsoft Word

Posted: October 24, 2012 in Vulnerabilities
Tags: , ,

Microsoft Word alertVulnerability: Arbitrary code execution in Microsoft Word

Danger: High
Number of vulnerabilities: 1

Impact: System Compromise
CWE ID: CWE-119: An error occurred in the buffer
Exploit: PoC code

Affected Products:

  • Microsoft Office 2007
  • Microsoft Office Word 2007
  • Microsoft Office 2010
  • Microsoft Word 2010

Affected versions:

  • Microsoft Office 2007
  • Microsoft Word 2007
  • Microsoft Office 2010
  • Microsoft Word 2012

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insufficient bounds checking when processing tables. Doc files. This can be exploited. Doc file to cause a buffer overflow on the stack and crash the application or execute arbitrary code on the target system.

Manufacturer: Microsoft Corporation

Solution: The way to eliminate the vulnerability does not exist at present.

links:

http://1337day.com/exploit/19619

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s