Members
  • Total Members: 12818
  • Latest: martin
Stats
  • Total Posts: 28535
  • Total Topics: 8240
  • Online Today: 1102
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Microsoft Word Array Overflow (934232)  (Read 2023 times)

0 Members and 1 Guest are viewing this topic.

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1081
  • KARMA: 22
  • Gender: Male
    • SCforum.info
Microsoft Word Array Overflow (934232)
« on: 17. May 2007., 16:16:24 »
Type Buffer Overflow
Impact of exploitation Remote Code Execution
User Interaction user interaction is needed
Attack Vector Maliciously Crafted File
Rating Medium
CVE reference CVE-2007-0035,
Vendor Status Responded and patched

Vulnerable systems

Microsoft Word  2000,
Microsoft Word  2002,
Microsoft Word  2003,
Microsoft Word Viewer  2003,

Office for Mac  2004,
 
Microsoft Works Suite  2004,
Microsoft Works Suite  2005,
Microsoft Works Suite  2006,
Summary  A vulnerability in Microsoft Word may allow for remote code execution attacks.


Description -

Microsoft Word is an industry-standard word-processing application developed by Microsoft. A vulnerability in Microsoft Word may allow for remote code execution attacks. A specially crafted Word document could trigger an array overflow error in Word. A user would have to visit a malicious Web site hosting a specially crafted Word document or open such an email attachment for an attack to occur. Code execution would be at the level of the logged-on user.
Recommendations -

Download and install the patch available from Microsoft (934232): http://www.microsoft.com/technet/security/Bulletin/MS07-024.mspx
McAfee Product Mitigation
McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
Signature:
(MS07-024) Microsoft Word Array Overflow (934232)
Signature identifier:
5125
Release date:
5/8/2007
McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
Signature:
HTTP: Microsoft Word Array Overflow
Signature identifier:
0x40236000
Release date:
5/8/2007
First released in:
Sigset 3.1.39
McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
Signature:
Generic buffer overflow protection
Signature identifier:
428
Release date:
8/24/2000
First released in:
2.0
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Out of the box, VSE8.0i and MVS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
Signature:
Buffer Overflow Protection
Release date:
8/30/2004
First released in:
build 131
Additional Resources -
Microsoft Security Bulletin MS07-024: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info

Microsoft Word Array Overflow (934232)
« on: 17. May 2007., 16:16:24 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising