Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Word multiple security vulnerabilities
updated since 08.05.2007
Published:10.05.2007
Source:
SecurityVulns ID:7678
Type:client
Threat Level:
6/10
Description:Array overflows, memory corruptions on streams parsing and RTF parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Works 2004
 MICROSOFT : Works 2005
 MICROSOFT : Works 2006
CVE:CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability.")
 CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.)
 CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability.")
Original documentdocumentIDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Word RTF File Parsing Heap Corruption Vulnerability (10.05.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) (08.05.2007)
Files:Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod