Microsoft Office Word Remote Code Execution Vulnerability (976307) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-068.

Impact

Successful exploitation could execute arbitrary code on the remote system via a specially crafted Word document. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx

Insight

The flaws are due to memory corruption error when processing a malformed record within a Word document.

Affected

Microsoft Office XP/2003. Microsoft Word Viewer 2003.

References

http://secunia.com/advisories/37277/
http://www.vupen.com/english/advisories/2009/3194

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3135

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
Cumulative Patch for Internet Information Services (Q327696)
Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)

Take action and discover your vulnerabilities