CERT-In Vulnerability Note CIVN-2008-104
Microsoft Word Memory Corruption Vulnerability

Original Issue Date: July 10, 2008
Updated: August 14,2008

Severity Rating: Medium

Systems Affected

• Microsoft Word 2003 Service Pack 3
• Microsoft Word 2003 Service Pack 2
• Microsoft Word 2002 Service Pack 3

Overview

A vulnerability has been reported in Microsoft Word that could be exploited by a remote attacker to execute arbitrary code and may take complete control of the affected system.

Description

The vulnerability is caused due to an error in the processing of smart tag length values, which can be exploited to cause memory corruption via a specially crafted document.

The attacker could exploit this vulnerability by creating specially crafted Microsoft Word file. An attacker could host a website containing the word file and then persuade a user to visit the website typically by getting them click on to the link to the website or could send the office file as an email attachment. Opening such file corrupts system memory to allow execution of arbitrary code.

Note: It may be noted that exploit for this vulnerability is available. Which is detected as Trojan.Mdropper by Symantec.

Workarounds

• Use Microsoft Office Word 2003 Viewer or Microsoft Office Word 2003 Viewer Service Pack 3 to open and view Microsoft Word files.
• Use host based intrusion prevention system (HIPS).
• Don’t open e-mail messages and attachments from un-trusted sources.
• Exercise caution while opening links in e-mail.
  

Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS08-042

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/advisory/953635.mspx
http://www.microsoft.com/technet/security/Bulletin/MS08-042.mspx

References

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-042.mspx

Secunia
http://secunia.com/advisories/30975/

ISS
http://xforce.iss.net/xforce/xfdb/43663

SANS
http://isc.sans.org/diary.html?storyid=4696

eEye
http://research.eeye.com/html/alerts/zeroday/20080708.html

Security Focus
http://www.securityfocus.com/bid/30124/info

FrSIRT
http://www.frsirt.com/english/advisories/2008/2028

SecurityTracker
http://www.securitytracker.com/alerts/2008/Jul/1020447.html

ISS
http://xforce.iss.net/xforce/xfdb/43663

Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=16234

CVE Name
CVE-2008-2244

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003