CERT-In Vulnerability Note CIVN-2009-78
Microsoft Office Word Remote Code Execution Vulnerabilities

Original Issue Date: June 11, 2009

Severity Rating: High

Software Affected

  • Microsoft Office Suites and Components
    • Microsoft Office 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office System Service Pack 1
    • 2007 Microsoft Office System Service Pack 2

  • Microsoft Office for Mac
    • Microsoft Office 2004 for Mac
    • Microsoft Office 2008 for Mac
    • Open XML File Format Converter for Mac

  • Other Office Software
    • Microsoft Office Word Viewer 2003 Service Pack 3
    • Microsoft Office Word Viewer
    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Overview

Multiple vulnerabilities have been reported in Microsoft Office Word that could allow a remote attacker to execute arbitrary code and take complete control of affected systems if a user opens a specially crafted Word file.

Description

1. Word Buffer Overflow Vulnerability (CVE-2009-0563)

This vulnerability is caused by insufficient boundary checks on parameters present in a specially crafted Word document, which could cause the application to perform invalid memory operations and may lead to a buffer overflow condition.

2. Word Buffer Overflow Vulnerability (CVE-2009-0565)

This vulnerability is caused by an insufficient boundary check when handling overly large values present in a Word document, which could cause a buffer overflow condition and may lead to corruption of memory areas.

A remote attacker could exploit these vulnerabilities by enticing naïve users to open specially crafted Word documents. Successful exploitation of these vulnerabilities could cause memory corruption, which could allow the remote attacker to execute arbitrary code on affected systems with the privileges of the currently logged-in user.

Workarounds

  • Use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations
  • Configure less-privileged accounts for normal users
  • Do not open or save Word files received from unknown and untrusted sources
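
A mail or web gateway can apply the idea behind the first workaround before a file ever reaches Word. The sketch below is an added example, not part of this note or of Microsoft's File Block feature: it recognises Word 97-2003 binary documents by parsing the OLE2 container and looking for the WordDocument stream instead of trusting the file extension. The function names, the trusted_source flag and the sample file are assumptions made for illustration, and only FAT sectors listed in the file header are read.

```python
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound file signature
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF

def directory_names(data):
    """Entry names in an OLE2 directory (header DIFAT only); None if not OLE2."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        return None
    size = 1 << struct.unpack_from("<H", data, 30)[0]        # sector size
    if size not in (512, 4096):
        raise ValueError("bad sector size")
    def sector(n):
        if (n + 2) * size > len(data):
            raise ValueError("sector outside file")
        return data[(n + 1) * size:(n + 2) * size]
    fat = [v for s in struct.unpack_from("<109I", data, 76) if s != FREESECT
           for v in struct.unpack("<%dI" % (size // 4), sector(s))]
    names, seen, sec = [], set(), struct.unpack_from("<I", data, 48)[0]
    while sec != ENDOFCHAIN:                                 # walk the directory chain
        if sec in seen or sec >= len(fat):
            raise ValueError("corrupt directory chain")
        seen.add(sec)
        blob = sector(sec)
        for i in range(0, size, 128):                        # 128-byte entries
            nlen, kind = struct.unpack_from("<HB", blob, i + 64)
            if kind in (1, 2, 5) and 2 <= nlen <= 64:
                names.append(blob[i:i + nlen - 2].decode("utf-16-le", "replace"))
        sec = fat[sec]
    return names

def verdict(data, trusted_source):
    """'block' for a legacy binary Word file from an untrusted source."""
    try:
        names = directory_names(data)
        legacy = names is not None and "WordDocument" in names
    except ValueError:
        legacy = True                # OLE2 signature but unparsable: fail closed
    return "block" if legacy and not trusted_source else "allow"

def sample(stream):
    """Constructed test input: minimal OLE2 file holding one named stream."""
    hdr = OLE_MAGIC + bytes(16) + struct.pack("<5H6x9I109I", 0x3E, 3, 0xFFFE, 9, 6,
        0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0, 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *[FREESECT] * 126)
    def entry(name, kind):
        raw = (name + "\0").encode("utf-16-le")
        return raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), kind) + bytes(61)
    return hdr + fat + entry("Root Entry", 5) + entry(stream, 2) + bytes(256)
```

Checking for the WordDocument stream rather than the signature alone keeps other OLE2 files, such as Excel workbooks, from being blocked by a rule meant for Word.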

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS09-027.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms09-027.mspx

References

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=18401
http://tools.cisco.com/security/center/viewAlert.x?alertId=18402

SecurityFocus
http://www.securityfocus.com/bid/35188

Secunia
http://secunia.com/advisories/35377/

VUPEN
http://www.vupen.com/english/advisories/2009/1546

CVE Name
CVE-2009-0563
CVE-2009-0565

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003