Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14639
HistoryOct 12, 2006 - 12:00 a.m.

[Full-disclosure] MS06-060 Microsoft Word Memmove Code Execution

2006-10-1200:00:00
vulners.com
15
JSON

McAfee, Inc.
McAfee Avert Labs Security Advisory
Vendor Notification Date: 2006-07-06
Public Release Date: 2006-10-10

Microsoft Word Memmove Code Execution

CVE-2006-3647

  •   Synopsis

An integer bug (stack overflow) exists in the Microsoft Word file
format. The file
format allows a attacker to create a malicious Microsoft Word document
that when
opened, will execute arbitrary code.

RISK FACTOR: CRITICAL

  •   Affected software

Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2004 for Mac
Microsoft Word v. X for Mac

  •   Vulnerability Information

The specific flaw exists during the processing of a malicious
WordDocument file.
The overflow can be triggered during the parsing at offset 0xb4c in the
WordDocument
stream. At this offset, there is a WORD size that is used as the third
parameter
to a memmove call. If the size passed to memmove is > 0x8000, it will
extend to
DWORD(0x8000 = 0xffff8001), and will copy 0xffff8001 bytes to the stack.

This is a code execution vulnerability that may be exploited to
compromise users that
open a malformed Microsoft Word document.

  •   Resolution

Install the Microsoft-provided vendor patch.

  •   Credits

This vulnerability was discovered by Chen Xiao Bo of McAfee Avert Labs.

  •   Contact Information

For more information about the McAfee Avert Labs, visit our website at:
http://www.mcafee.com/us/threat_center/default.asp

  •   Legal Notice

The information contained within this advisory is Copyright (C) 2006
McAfee, Inc. It may be redistributed provided that no fee is charged
for distribution and that the advisory is not modified in any way.

McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries. All other registered and unregistered trademarks in this
document are the sole property of their respective owners.

Best regards,

Dave Marcus, B.A., CCNA, MCSE
Security Research and Communications Manager
McAfee(r) Avert(r) Labs
(443) 321-3771 Office
(443) 668-0048 Mobile
McAfee Threat Center
<http://www.mcafee.com/us/threat_center/default.asp&gt;
McAfee Avert Labs Research Blog <http://www.avertlabs.com/research/blog&gt;

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Related

securityvulns 2
cve 3
nessus 2
securityvulns
securityvulns
MS06-060 Microsoft Word Memmove Code Execution
2006-10-13 00:00:00
Microsoft Security Bulletin MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution &#40;924554&#41;
2006-10-11 00:00:00
cve
cve
CVE-2006-4693
2006-10-10 22:07:00
CVE-2006-3647
2006-10-10 22:07:00
CVE-2006-3651
2006-10-10 22:07:00
nessus
nessus
MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
2006-10-10 00:00:00
MS06-058 / MS06-059 / MS06-0060 / MS06-062: Vulnerabilities in Microsoft Office Allow Remote Code Execution (924163 / 924164 / 924554 / 922581) (Mac OS X)
2006-10-11 00:00:00
JSON
Related for SECURITYVULNS:DOC:14639
securityvulns2cve3nessus2