Name:
MS.Word.RTF.File.Parsing.Command.Execution
Released Date:
Feb 18 2008
Severity:
medium
CVE:
2007-1202
MS Bulletin:
MS07-024
Bugtraq:
23836

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit one of several remote command execution vulnerabilities in Microsoft Office.

The vulnerabilities are caused by an error that occurs when the vulnerable software handles a malicious RTF file. It allows a remote attacker to execute arbitrary code via a crafted RTF file.
 
Impact
System compromise: remote code execution.
 
Affected Products
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Word Viewer 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Microsoft Word 2007
Aliases
MS.Word.RTF.File.Parsing.Command.Execution
References
http://www.microsoft.com/technet/security/Bulletin/MS07-024.mspx
http://www.securityfocus.com/bid/23836
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1202
Recommended Actions
Apply the patch available from the web site:
http://www.microsoft.com/technet/security/bulletin/ms07-024.mspx

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED