Microsoft Word Could Allow Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with Microsoft Office (with MS Word), which is prone to remote code execution vulnerability.

Impact

Remote attacker could exploit by persuading victim to open a crafted documents to corrupt memory and cause the application to crash, and also allow to execute arbitrary code with the system privileges of the victim. Impact Level : System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-042.mspx

Insight

Flaw is due to an error within the handling of malformed/crafted MS Word documents.

Affected

Microsoft Word 2002 (XP) with SP3 on Windows (All). Microsoft Word 2003 with SP3 on Windows (All).

References

http://secunia.com/advisories/30975
http://www.frsirt.com/english/advisories/2008/2028
http://www.microsoft.com/technet/security/advisory/953635.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-042.mspx
http://xforce.iss.net/xforce/xfdb/43663

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2244

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vulnerabilities
Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
SecureCRT SSH1 protocol version string overflow
Microsoft's SQL Blank Password
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability

Take action and discover your vulnerabilities