Microsoft Word Record Parsing Vulnerability( 13 August 2008 )

Last Update Date: 28 Jan 2011 Release Date: 13 Aug 2008 4494 Views

RISK: Medium Risk

A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

Remote Code Execution

System / Technologies affected

Microsoft Office XP Service Pack 3
- Microsoft Word 2002 Service Pack 3
Microsoft Office 2003 Service Pack 2
- Microsoft Word 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
- Microsoft Word 2003 Service Pack 3

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch

Microsoft Office XP Service Pack 3
- Microsoft Word 2002 Service Pack 3
Microsoft Office 2003 Service Pack 2
- Microsoft Word 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
- Microsoft Word 2003 Service Pack 3

Vulnerability Identifier

CVE-2008-2244

Source

Microsoft

Related Link

http://www.microsoft.com/technet/security/bulletin/ms08-042.mspx

Share with

Microsoft PowerPoint Multiple Vulnerabilities( 13 August 2008 )

13 Aug 2008 4581 Views

Microsoft Windows IPsec Policy Information Disclosure Vulnerability( 13 August 2008 )

13 Aug 2008 4542 Views