Name:
MS.Word.FKP.Count.Code.Execution
Released Date:
Dec 14 2006
Severity:
critical
CVE:
2006-6561
MS Bulletin:
MS07-014
Bugtraq:
21589

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates a possible exploit of a memory manipulation vulnerability in Microsoft Word, that may allow user-assisted remote attackers to execute arbitrary code via a crafted DOC file.
 
Impact
Arbitrary code execution in the context of affected application.
 
Affected Products
Microsoft Word X for Mac
Microsoft Word 2004 for Mac 0
Microsoft Word 2003 Viewer
Microsoft Word 2003
Microsoft Word 2002 SP3
Microsoft Word 2002 SP2
Microsoft Word 2002 SP1
Microsoft Word 2002
Microsoft Word 2000 Korean Version
Microsoft Word 2000 Japanese Version
Microsoft Word 2000 Chinese Version
Microsoft Word 2000 SR1a
Microsoft Word 2000 SR1
Microsoft Word 2000 SP3
Microsoft Word 2000 SP2
Microsoft Word 2000
Microsoft Office Word 2003 Viewer 0
Microsoft Office 2003 SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2000 SP3
Microsoft Office 2000 SP1
Aliases
MS.Word.FKP.Count.Code.Execution
MS.Word.FKP.Count.Code.Execution.B
-Tag.SMTP.MS.Word.File.Attachment
MS.Word.FKP.Count.Code.Execution.SMTP
References
http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx
http://www.securityfocus.com/bid/21589
http://www.frsirt.com/english/advisories/2006/4997
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6561
http://www.milw0rm.com/exploits/2922
http://www.milw0rm.com/sploits/12122006-djtest.doc
Recommended Actions
Microsoft Security Update for Word 2002 (KB929061)
Microsoft Security Update for Word 2000 (KB929139)
Microsoft Security Update for Word 2003 (KB929057)
Microsoft Security Update for Word Viewer 2003 (KB924883)

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED