CERT-MU :Vulnerability

Home | FAQ | Site Map | Contact Us

Hotline : 800 2378

To contact CERT-MU send e-mail on - info[at]cert-mu.gov.mu

To report incident e-mail on - incident[at]cert-mu.gov.mu

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Vulnerability Note VN-2009-15

Microsoft Office Word Remote Code Execution Vulnerabilities

Original Issue Date: June 11, 2009

Severity Rating: High

Affected Softwares

Microsoft Office Suites and Components

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1
2007 Microsoft Office System Service Pack 2

Microsoft Office for Mac

Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac

Other Office Software

Microsoft Office Word Viewer 2003 Service Pack 3
Microsoft Office Word Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Overview

Multiple vulnerabilities have been reported in Microsoft Office Word that could allow remote attacker to execute arbitrary code to take complete control of affected systems if a user opens a specially crafted Word file.

Description

Word Buffer Overflow Vulnerability
This vulnerability is caused due insufficient boundary condition restrictions on parameters present in specially crafted Word document, which could cause the application to perform invalid memory operations and may leads to buffer overflow condition.

Word Buffer Overflow Vulnerability
This vulnerability is caused due to insufficient boundary check while handling of overly large values present in Word document, which could cause a buffer overflow condition and may lead to corruption of memory areas.
A remote attacker could exploit these vulnerabilities by enticing naïve users to open specially crafted Word documents. Successful exploitation of these vulnerabilities could cause memory corruption conditions which could allow remote attacker to execute arbitrary code on affected systems with the privileges of currently logged-in users.

Workarounds

Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations
Configure less privilege account for normal users
Do not open or save Word files received from unknown and untrusted sources

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS09-027

CVE Name

CVE-2009-0563
CVE-2009-0565

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms09-027.mspx

References

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=18401
http://tools.cisco.com/security/center/viewAlert.x?alertId=18402

SecurityFocus
http://www.securityfocus.com/bid/35188

Secunia
http://secunia.com/advisories/35377/

VUPEN
http://www.vupen.com/english/advisories/2009/1546