
  • Multiple Vulnerabilities in Microsoft Office Word and Office Web Apps


    Severity Rating: HIGH

    Systems Affected

    Microsoft Office 2003 SP3
    Microsoft Office 2007 SP3
    Microsoft Office 2010 SP1 and SP2 (32-bit and 64-bit editions)
    Microsoft Office 2013 Word (32-bit and 64-bit editions)
    Microsoft Office 2013 SP1 (32-bit and 64-bit editions)
    Microsoft Office 2013 RT
    Microsoft Office 2013 RT SP1
    Microsoft Office for Mac 2011
    Microsoft Office Compatibility Pack SP3
    Microsoft Word Viewer
    Microsoft SharePoint Server 2010 SP1 and SP2
    Microsoft SharePoint Server 2013
    Microsoft Office Web Apps 2010 SP1 and SP2
    Microsoft Office Web Apps 2013
    Microsoft Office Web Apps 2013 SP1

    Overview

    Multiple memory corruption vulnerabilities have been reported in Microsoft Office, which could allow a remote attacker to execute arbitrary code on the targeted system in the context of the logged-on user.

    Description

    1. Microsoft Office File Format Converter Vulnerability

    This vulnerability exists in the File Format Converter component of Microsoft Office due to improper memory allocation by the affected software while converting crafted files. A remote attacker could exploit this vulnerability by convincing a targeted user to open a malicious Word document.

    Successful exploitation may result in complete compromise of the targeted system in the context of the current user.

    2. Microsoft Word Stack Overflow Vulnerability

    This vulnerability exists in Microsoft Word due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by convincing the targeted user to open a malicious Word document with the affected software.

    Successful exploitation may result in complete compromise of the targeted system in the context of the current user.

    3. Microsoft Word RTF Memory Corruption Vulnerability

    This vulnerability exists in the Microsoft Office Word RTF file processing component due to improper processing of malicious RTF content in document files. A remote attacker could exploit this vulnerability by convincing a user to open a specially crafted RTF file using the affected software.

    Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system with the privileges of the currently logged-on user.


    Workaround

    Do not open Office files received from untrusted sources or that are received unexpectedly from trusted sources
    Apply the Microsoft Fix it solution, "Disable opening RTF content in Microsoft Word", that prevents exploitation of this issue
    Read emails in plain text
    Use Microsoft Office File Block policy to prevent the opening of RTF files in Microsoft Word 2007, Microsoft Word 2010, and Microsoft Word 2013
    Use Microsoft Office File Block policy to prevent the opening of RTF files in Microsoft Word 2003
    For Microsoft Office for Mac 2011, disassociate RTF files from Mac Office in OS X's LaunchServices database

    Solution

    Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS14-017 / http://technet.microsoft.com/en-us/s...letin/ms14-017

    Vendor Information

    Microsoft
    http://technet.microsoft.com/en-us/s...letin/ms14-017


    References

    CISCO
    http://tools.cisco.com/security/cent...?alertId=33583
    http://tools.cisco.com/security/cent...?alertId=33584


    Symantec
    http://www.symantec.com/security_res....jsp?bid=66614
    http://www.symantec.com/security_res....jsp?bid=66385
    http://www.symantec.com/security_res....jsp?bid=66629


    Secunia
    http://secunia.com/advisories/57577/
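
The workarounds above centre on keeping RTF content out of Word until the update is applied. As a complementary check at a mail gateway or file share, the following added example (not part of the original advisory) flags attachments whose content begins with an RTF header even when the extension says otherwise. The function names, the sample attachments and the choice to match the shorter `{\rt` prefix instead of the specification's `{\rtf1` are assumptions made for illustration.

```python
import os

# Assumption: match a shorter prefix than the spec header "{\rtf1" so that
# slightly malformed headers are still held for review.
RTF_MAGIC = b"{\\rt"
RTF_EXTENSIONS = {".rtf"}
UTF8_BOM = b"\xef\xbb\xbf"


def looks_like_rtf(data: bytes) -> bool:
    """True if the content starts with an RTF header, ignoring a BOM and leading whitespace."""
    head = data[:64]
    if head.startswith(UTF8_BOM):
        head = head[len(UTF8_BOM):]
    return head.lstrip(b" \t\r\n").startswith(RTF_MAGIC)


def classify(filename: str, data: bytes) -> str:
    """Return 'rtf', 'disguised-rtf' (RTF content, other extension) or 'other'."""
    if not looks_like_rtf(data):
        return "other"
    ext = os.path.splitext(filename)[1].lower()
    return "rtf" if ext in RTF_EXTENSIONS else "disguised-rtf"


def triage(attachments):
    """Return the names of attachments that should be held while RTF is blocked."""
    return [name for name, data in attachments if classify(name, data) != "other"]


# Constructed sample attachments (hypothetical names, harmless content).
SAMPLES = [
    ("notes.rtf", b"{\\rtf1\\ansi Hello}"),
    ("invoice.doc", b"{\\rtf1\\ansi\\deff0 Invoice}"),            # RTF saved as .doc
    ("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16),  # OLE2 header
    ("memo.docx", b"PK\x03\x04" + b"\x00" * 16),                   # ZIP container
    ("padded.doc", b"\r\n  {\\rtf1 x}"),                           # whitespace before header
    ("readme.txt", b"plain text mentioning {\\rtf1 later"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:12} {classify(name, data)}")
```

Filtering on the `.rtf` extension alone would miss `invoice.doc` and `padded.doc` in the sample set, which is why the check reads the content.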