ActuaryTm
Diamond Member
Source: Secunia - Parsing Buffer Overflow Vulnerability
News Story: News.com October 7, 2004, 3:26 PM PT
Secunia Advisory: SA12758
Release Date: 2004-10-07
Critical: Highly critical
Impact: DoS System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Office 2000, Microsoft Office XP, Microsoft Word 2000, Microsoft Word 2002
Description:
HexView has discovered a vulnerability in Microsoft Word, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
The vulnerability is caused due to an input validation error within the parsing of document files and may lead to a stack-based buffer overflow.
This can be exploited to crash the process when the user opens a specially crafted document. However, due to the nature of the problem, execution of arbitrary code may potentially also be possible, though it has not been proven.
The vulnerability has been confirmed in Microsoft Word 2000, but has also been reported in Microsoft Word 2002.
Solution:
Open trusted documents only.
For Internet Explorer users, documents on web sites can be opened automatically in the browser, unless the security level for the "Internet" security zone is set to "High" or the "File download" setting has been disabled.
Provided and/or discovered by:
HexView
News Story: News.com October 7, 2004, 3:26 PM PT
Secunia Advisory: SA12758
Release Date: 2004-10-07
Critical: Highly critical
Impact: DoS System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Office 2000, Microsoft Office XP, Microsoft Word 2000, Microsoft Word 2002
Description:
HexView has discovered a vulnerability in Microsoft Word, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
The vulnerability is caused due to an input validation error within the parsing of document files and may lead to a stack-based buffer overflow.
This can be exploited to crash the process when the user opens a specially crafted document. However, due to the nature of the problem, execution of arbitrary code may potentially also be possible, though it has not been proven.
The vulnerability has been confirmed in Microsoft Word 2000, but has also been reported in Microsoft Word 2002.
Solution:
Open trusted documents only.
For Internet Explorer users, documents on web sites can be opened automatically in the browser, unless the security level for the "Internet" security zone is set to "High" or the "File download" setting has been disabled.
Provided and/or discovered by:
HexView
