Advisories » Microsoft Word Unspecified Remote Memory Corruption Vulnerability (MS07-060)
| Release Date: | 09/10/2007 | Severity: | Extremely Critical  |
| SecWatch Advisory: | SWID1019210 | Cause: | Not specified |
| Solution Status: | Vendor Patch | Impact: | Execution of arbitrary code |
| Exploit Status: | None Available | Access Vector: | From remote |
| Affected Software: | Microsoft Office 2000 Microsoft Office 2004 for Mac Microsoft Office XP Microsoft Word 2000 Microsoft Word 2002 |
||
Description:
A vulnerability in Microsoft Word has been reported, which can be exploited by remote users to compromise a user's system.
An error exists when handling malformed Office files, which can be exploited corrupt memory and execute arbitrary code by e.g. tricking a user to open a crafted file.
Solution:
The vulnerability has been fixed, apply patches.
Microsoft Office 2000 SP3:
http://www.microsoft.com/downl...FB-5933-47F7-A498-13A93E268E57
Microsoft Office XP SP3:
http://www.microsoft.com/downl...BB-03FF-4F67-8B69-6011FB18BA75
Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac/d.../mac/downloads.aspx#Office2004
Credits:
Liu Kun-Hao, Information and Communication Security Technology Center.
Free Vulnerability Notification Service
Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.
Related Vulnerabilities and Exploits
21 Mar 08: Microsoft Office Excel Code Execution Exploit (M.. (zha0_ms08_014.rar)
11 Mar 08: Microsoft Excel Multiple Remote Code Execution Vulnerabilities
16 Jan 08: Microsoft Excel File Handling Remote Arbitrary Code Execution Vul..
15 Feb 07: Microsoft Word Unspecified Document Handling Remote Memory Corrup..
05 Feb 07: Microsoft Office Unspecified Remote Command Execution Vulnerabili..