Microsoft Word multiple security vulnerabilities updated since 08.05.2007
Published:		10.05.2007
Source:		MICROSOFT
SecurityVulns ID:		7678
Type:		client
Level:		6/10
Description:		Array overflows, memory corruptions on streams parsing and RTF parsing.

Affected:		MICROSOFT : Office 2000
		MICROSOFT : Office XP
		MICROSOFT : Office 2003
		MICROSOFT : Office 2004 for Mac
		MICROSOFT : Works 2004
		MICROSOFT : Works 2005
		MICROSOFT : Works 2006
CVE:		CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability.")
		CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.)
		CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability.")

Original document		IDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Word RTF File Parsing Heap Corruption Vulnerability (10.05.2007)
		MICROSOFT, Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) (08.05.2007)

Files:		Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
Discuss:		Read or add your comments to this news (0 comments)