[PCWorks] Microsoft Office Word Multiple Vulnerabilities

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Wed, 11 Aug 2010 03:45:20 -0500

TITLE:
Microsoft Office Word Multiple Vulnerabilities

Criticality level:  Highly critical
Impact:  System access
Where:  From remote

http://secunia.com/advisories/40937/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Office 
Word,
which can be exploited by malicious people to compromise a 
user's
system.

1) An unspecified error when parsing records can be exploited 
to
corrupt memory via a specially crafted Word file.

2) An error when handling certain properties of rich text data 
can be
exploited to corrupt memory via a specially crafted RTF file.

3) An error when parsing certain properties of rich text data 
can be
exploited to cause a buffer overflow via a specially crafted 
RTF
file.

4) An error when handling HTML linked objects can be exploited 
to
corrupt memory via a specially crafted Word file.

Successful exploitation of the vulnerabilities allows execution 
of
arbitrary code.

SOLUTION:
Apply patches.

ORIGINAL ADVISORY:
MS10-056 (KB2092914, KB2251389, KB2251399, KB2251419, 
KB2251437,
KB2269638, KB2277947, KB2284162, KB2284171, KB2284179):
http://www.microsoft.com/technet/security/Bulletin/MS10-056.mspx


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

  • » [PCWorks] Microsoft Office Word Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
  1. Home
  2. pcworks
  3. Archive
  4. 08-2010