Microsoft Office Word Multiple Code Execution Vulnerabilities (10 December 2008)

Last Update Date: 28 Jan 2011
Release Date: 10 Dec 2008

RISK: Medium Risk

1. Word Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file with a malformed record. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

2. Word RTF Object Parsing Vulnerability - CVE-2008-4025

A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word or reads a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. Word Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file with a malformed value. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

4. Word RTF Object Parsing Vulnerability - CVE-2008-4027

A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file with malformed control words in Word, or views or previews a specially crafted RTF file with malformed control words in rich text e-mail. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

5. Word RTF Object Parsing Vulnerability - CVE-2008-4028

A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word, or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-in user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

6. Word RTF Object Parsing Vulnerability - CVE-2008-4031

A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word, or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

7. Word Memory Corruption Vulnerability - CVE-2008-4837

A remote code execution vulnerability exists in the way that Microsoft Office Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the current logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

8. Word RTF Object Parsing Vulnerability - CVE-2008-4030

A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-in user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 3
  • 2007 Microsoft Office System
  • Microsoft Office Word Viewer 2003
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  • Microsoft Works 8
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Open XML File Format Converter for Mac

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link