Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-056.
Impact
Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory: http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx
Insight
The issues are caused by buffer overflow and memory corruption errors when processing malformed data and records within Word and 'RTF' documents, which could be exploited by attackers to crash an affected application or execute arbitrary code.
Affected
Microsoft Office Word Viewer
Microsoft Office Word 2002 Service Pack 3
Microsoft Office Word 2003 Service Pack 3
Microsoft Office Word 2007 Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
References
Severity
Classification
CVE: CVE-2010-1900, CVE-2010-1901, CVE-2010-1902, CVE-2010-1903
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
- Microsoft Excel Remote Code Execution Vulnerabilities (968557)
- Consent User Interface Privilege Escalation Vulnerability (2442962)
- Cumulative Security Update for Internet Explorer (969897)