[PCWorks] Microsoft Office XP Word Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Wed, 13 Oct 2010 04:55:15 -0500

TITLE:
Microsoft Office XP Word Multiple Vulnerabilities

Criticality level:  Highly critical
Impact:  System access
Where:  From remote

http://secunia.com/advisories/41785/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Word 
2002,
which can be exploited by malicious people to compromise a 
user's
system.

1) An error when parsing a specially crafted Word file may 
result in
an uninitialised pointer being used.

2) An improper boundary check when parsing a specially crafted 
Word
file can be exploited to corrupt memory.

3) An error in the handling of certain index values in a 
specially
crafted Word file can be exploited to corrupt memory.

4) An error in the handling of certain return values when 
parsing a
specially crafted Word file can be exploited to corrupt memory.

5) An error in the handling of bookmarks when parsing a 
specially
crafted Word file can be exploited to corrupt memory.

6) An error in the handling of certain pointers when parsing a
specially crafted Word file can be exploited to corrupt memory.

7) An error in the handling of certain records when parsing a
specially crafted Word file can be exploited to cause a 
heap-based
buffer overflow.

8) An error in the handling of certain indexes when parsing a
specially crafted Word file can be exploited to corrupt memory.

9) An error in the parsing of a specially crafted Word file can 
be
exploited to corrupt memory.

10) An error in the handling of certain malformed records when
parsing a specially crafted Word file can be exploited to 
corrupt
memory.

11) A boundary error when parsing a specially crafted Word file 
can
be exploited to cause a stack-based buffer overflow.

Successful exploitation of the vulnerabilities may allow 
execution of
arbitrary code.

SOLUTION:
Apply patches:

ORIGINAL ADVISORY:
MS10-079 (KB2293194, KB2328360):
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Microsoft Office XP Word Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 10-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---