(MS06-060) Microsoft Word for Mac Vulnerability (924554)
- Type: Buffer Overflow
- Impact of exploitation: Remote Code Execution
- User Interaction: No user interaction is needed
- Attack Vector: Website or e-mail with malicious content
- Rating: Medium
- CVE reference: CVE-2006-4693
- Vendor Status: Responded and patched
- Vulnerable systems: Mac OS X Generic, Office for Mac X, Office for Mac 2004
- Summary: A vulnerability exists in Microsoft Word for Mac that may allow for arbitrary code execution. This may be exploited by visiting a malicious website or opening an email attachment containing the crafted file.
Description
Microsoft Word for Mac is the Mac OS X version of the popular word processing application Microsoft Word. A vulnerability is present in Word for Mac that may allow for remote arbitrary code execution. The flaw lies in the processing of a malformed Word document. Code execution occurs at the rights level of the victim. Successful exploitation can be accomplished by coercing a victim to visit a website hosting the malicious document and having them download and open it. Alternatively, the malicious document would need to be opened from an email attachment.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (924554): http://www.microsoft.com/technet/security/bulletin/MS06-060.mspx
Additional Resources
Microsoft Security Bulletin: Vulnerability in Microsoft Word Could Allow Remote Code Execution (924554)
http://www.microsoft.com/technet/security/bulletin/MS06-060.mspx
Vulnerability Summary CVE-2006-4693
Timeline
- 10/10/2006: Vendor has provided a patch.
- 10/10/2006: Vulnerability information has been publicly disclosed.