Date: 14 February 2007
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2007.0020 -- AUSCERT ALERT
[Win][OSX]
Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution (929434)
14 February 2007
===========================================================================
AusCERT Alert Summary
---------------------
Product: Microsoft Office 2000, XP, 2004
Microsoft Word 2000, 2002, 2003
Microsoft Word Viewer 2003
Microsoft Works Suite 2004, 2005, 2006
Microsoft Office 2004 for Mac
Publisher: Microsoft
Operating System: Windows
Mac OS X
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2007-0515 CVE-2007-0209 CVE-2007-0208
CVE-2006-6561 CVE-2006-6456 CVE-2006-5994
Original Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx
- --------------------------BEGIN INCLUDED TEXT--------------------
MS07-014 - Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution (929434)
Affected Software:
- Microsoft Office 2000 Service Pack 3
- Microsoft Word 2000
- Microsoft Office XP Service Pack 3
- Microsoft Word 2002
- Microsoft Office 2003 Service Pack 2
- Microsoft Word 2003
- Microsoft Word Viewer 2003
- Microsoft Works Suites:
- Microsoft Works Suite 2004
- Microsoft Works Suite 2005
- Microsoft Works Suite 2006
- Microsoft Office 2004 for Mac
Non-Affected Software:
- 2007 Microsoft Office System
- Microsoft Office Word 2007
Full MS07-014 advisory:
http://www.microsoft.com/technet/security/Bulletin/ms07-014.mspx
Vulnerability Details
Word Malformed String Vulnerability - CVE-2006-5994:
A remote code execution vulnerability exists in the way Microsoft Word
handles Word files with a specially crafted string. Such a specially
crafted file might be included as an e-mail attachment or hosted on a
malicious Web site. An attacker could exploit the vulnerability by
constructing a specially crafted Word file that could allow remote
code execution.
Word Malformed Data Structures Vulnerability - CVE-2006-6456:
A remote code execution vulnerability exists in the way Microsoft Word
handles Word files with a specially crafted data structure. Such a
specially crafted file might be included as an e-mail attachment or
hosted on a malicious Web site. An attacker could exploit the
vulnerability by constructing a specially crafted Word file that could
allow remote code execution. Viewing or previewing a malformed e-mail
message in an affected version of Outlook could not lead to
exploitation of this vulnerability.
Word Count Vulnerability - CVE-2006-6561:
A remote code execution vulnerability exists in Microsoft Word. An
attacker could exploit this vulnerability when Word parses a file and
processes an unchecked count. Such a specially crafted file might be
included as an e-mail attachment or hosted on a malicious Web site. An
attacker could exploit the vulnerability by constructing a specially
crafted Word file that could allow remote code execution. Viewing or
previewing a malformed e-mail message in an affected version of
Outlook could not lead to exploitation of this vulnerability.
Word Macro Vulnerability - CVE-2007-0208:
A remote code execution vulnerability exists in Microsoft Word. If a
user is logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with
administrative user rights.
Word Malformed Drawing Object Vulnerability - CVE-2007-0209:
A remote code execution vulnerability exists in Microsoft Word. An
attacker could exploit this vulnerability when Word parses a file and
processes a malformed drawing object. Such a specially crafted file
might be included as an e-mail attachment or hosted on a malicious Web
site. An attacker could exploit the vulnerability by constructing a
specially crafted Word file that could allow remote code execution.
Word Malformed Function Vulnerability - CVE-2007-0515:
A remote code execution vulnerability exists in Microsoft Word. An
attacker could exploit this vulnerability when Word parses a file and
processes a malformed function. Such a specially crafted file might be
included as an e-mail attachment or hosted on a malicious web site.
Viewing or previewing a malformed e-mail message in an affected
version of Outlook could not lead to exploitation of this
vulnerability. An attacker could exploit the vulnerability by
constructing a specially crafted Word file that could allow remote
code execution.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRdJUBCh9+71yA2DNAQLfBAP/cnShmXjnzL5j+pK8QWPGvKN2se0gzHRf
oOVKJ28wkGuybmKZ8PLyJUB/bkClX2kvFcKLio6pwMNv/2N7jpooB9Ayji/4hm/8
vpy2graolOXqJnT9W6eRk3L1NIWEGfPCYF1Y+rdlAcWtHgmd8BjEeh5GavK/ZiQ/
JV/DQAgJ410=
=yK5t
-----END PGP SIGNATURE-----
|