Microsoft Office Word File Information Memory Corruption Vulnerability
SECUNIA ADVISORY ID: SA37277
VERIFY ADVISORY: http://secunia.com/advisories/37277/
DESCRIPTION: A vulnerability has been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an error when parsing certain file information and can be exploited to corrupt memory via a specially crafted Word document.
Successful exploitation allows execution of arbitrary code.
SOLUTION: Apply patches.
Microsoft Office Word 2002 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=0369fae5-958b-4eba-83a4-9c07e701c273
Microsoft Office Word 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=6b77bc62-bcbb-4b9a-97d1-a49ca0582e54
Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=8f115b1c-1e28-4ecf-937c-99c4b60c7c8e
Microsoft Office 2008 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=b84fe57d-ddda-451e-9ead-69e10aee7928
Open XML File Format Converter for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=4dd4bc05-1217-497e-8f65-4347f2544ed6
Microsoft Office Word Viewer 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=4cc5e6c5-7efb-4180-9a9b-0788115c91e1
Microsoft Office Word Viewer: http://www.microsoft.com/downloads/details.aspx?familyid=4cc5e6c5-7efb-4180-9a9b-0788115c91e1
PROVIDED AND/OR DISCOVERED BY: The vendor credits Jun Mao, VeriSign iDefense Labs.
ORIGINAL ADVISORY: MS09-068 (KB976307, KB973443, KB973444, KB973866, KB976828, KB976830, KB976831): http://www.microsoft.com/technet/security/Bulletin/MS09-068.mspx
———————————————————————-