Content
(MS09-068) Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Medium
- CVE reference
- CVE-2009-3135,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Office for Mac 2004,
- Office for Mac 2008,
- Open XML File Format Converter for Mac 1.0,
- Office Word Viewer 2003,
- Summary
- A remote code execution vulnerability exists in Microsoft Office Word.
Tab Navigation
Description
The vulnerability is in the way that Microsoft Office Word handles a specially crafted Word file with a malformed record. Successful exploitation of the vulnerability could allow an attacker to take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations
The Vendor has released patches to address this issue http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-068) Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)
- Signature identifier:
- 7315
- Release date:
- 11/10/2009
Additional Resources
(MS09-068) Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)
http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx
All Information
Timeline -
11/10/2009
Vendor has provided a patch.
Description -
The vulnerability is in the way that Microsoft Office Word handles a specially crafted Word file with a malformed record. Successful exploitation of the vulnerability could allow an attacker to take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations -
The Vendor has released patches to address this issue http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-068) Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)
- Signature identifier:
- 7315
- Release date:
- 11/10/2009
Additional Resources
Additional Resources -
(MS09-068) Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)
http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx
