Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-056.
Impact
Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory from the link below: http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx
Insight
The issues are caused by buffer overflow and memory corruption errors when processing malformed data and records within Word and 'RTF' documents, which could be exploited by attackers to crash an affected application or execute arbitrary code.
Affected
Microsoft Office Word Viewer
Microsoft Office Word 2002 Service Pack 3
Microsoft Office Word 2003 Service Pack 3
Microsoft Office Word 2007 Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
References
Severity
Classification
CVE: CVE-2010-1900, CVE-2010-1901, CVE-2010-1902, CVE-2010-1903
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
- Microsoft Comctl32 Integer Overflow Vulnerability (2864058)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)
- Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
- Microsoft Active Directory Denial of Service Vulnerability (953235)