Name:
MS.Word.Malformed.Document.Integer.Buffer.Overflow
Released Date:
Jun 14 2005
Severity:
critical
CVE:
2004-0963
MS Bulletin:
MS05-023
Bugtraq:
13122
11350

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description

It indicates a possible exploit of Remote Buffer Overflow Vulnerability in Microsoft Words and Work suites.

Microsoft Word is most popular application for creating and sharing documents . Multiple vulnerabilities are reported in it that may allow an attacker to cause denial of service or possibly execute arbitrary code on the affected system. This is due to application failure to properly sanitize word document while parsing it. It is exploitable by an offset that triggers an out-of-bounds memory access and a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected system with rights of the victim, once the victim opens the document.
 
Impact
Compromise of the affected system.
 
Affected Products
Microsoft Word 2003 SP1 , 2002 SP3 , Microsoft Works suite 2004 and respective earlier versions.
Aliases
MS.Word.Malformed.Document.Buffer.Overflow
References
http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx
http://www.securityfocus.com/bid/13122
http://www.securityfocus.com/bid/11350
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0963
http://www.hexview.com/docs/20041006-1.txt
Recommended Actions
Apply security patch to the system as given in the Microsoft Security Bulletin MS05-023.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED