You are here

T-650: Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code

June 20, 2011 - 3:35pm

Addthis

PROBLEM:

A vulnerability was reported in Microsoft Word. A remote user can cause arbitrary code to be executed on the target user's system.

PLATFORM:

Office XP; possibly other versions

ABSTRACT:

Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code.

reference LINKS:

Secunia Advisory: SA44923
SecurityTracker Alert ID: 1025675
Bugtraq ID: 48261
TSL ID: TSL20110614-02
PRL: 2011-07

IMPACT ASSESSMENT:

High

Discussion:

A code execution vulnerability has been reported in Microsoft Office Word. The vulnerability is due to memory corruption when parsing a specially crafted Word file.

Impact:

An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user by enticing them to open a specially crafted Word document. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 10.6866.6870. Other versions may also be affected.

Solution:

Do not open Office files from untrusted sources. No solution was available at the time of this entry.

Microsoft Download

 

Addthis