Vulnerability

CERT-In Vulnerability Note CIVN-2010-0230
Multiple Remote code Execution Vulnerabilities in Microsoft Office Word

Original Issue Date:October 15, 2010

Severity Rating: MEDIUM

Systems Affected

Microsoft Word 2002 Service Pack 3
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 2
Microsoft Word 2010 (32-bit)
Microsoft Word 2010 (64-bit)
Microsoft Word Web App
Microsoft Office Suites and Components
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit)
Microsoft Office 2010 (64-bit)
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Word Viewer
Microsoft Office Web Apps

Overview

Multiple vulnerabilities have been reported in Microsoft Office Word . Successful exploitation of these vulnerability could allow an attacker to execute an arbitrary code and take complete control of the affected system in the context of logged in user.

Description

1. Microsoft Office Word Uninitialized Pointer Access Arbitrary Code Execution Vulnerability ( CVE-2010-2747   )

A Remote code execution vulnerability exists in the Microsoft word due to the improper processing of malformed word documents when the application handling uninitialized pointer.

2. Microsoft Office Word Improper Boundary Checking Arbitrary Code Execution Vulnerability ( CVE-2010-2748   )

A Remote code execution vulnerability exists in the Microsoft word due to improper boundary restrictions .when the application processes Word documents.

3. Microsoft Office Word Index Parsing Arbitrary Code Execution Vulnerability ( CVE-2010-2750   )

A Remote code execution vulnerability exists in the Microsoft word due to the improper processing of index values in Office documents . When processing malicious index values in the document, the application could perform an invalid memory operation.

4. Microsoft Office Word Stack Validation Arbitrary Code Execution Vulnerability ( CVE-2010-3214   )

A Remote code execution vulnerability exists in the Microsoft word due to a stack error that corrupts memory that occur when processing malformed Microsoft Office Word documents.

5. Microsoft Office Word Return Value Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3215   )

A Remote code execution vulnerability exists in the Microsoft word due to the improper handling of return values . When the document is opened, the malformed return values could trigger memory corruption.

6. Microsoft Office Word Bookmark Handling Arbitrary Code Execution Vulnerability ( CVE-2010-3216   )

A Remote code execution vulnerability exists in the Microsoft word due to improper handling of bookmark objects within Word documents .When processed, the document could trigger memory corruption. A remote attacker could exploit this vulnerability by convincing a user to view a malicious Word file

7. Microsoft Office Word Pointer Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3217   )

A Remote code execution vulnerability exists in the Microsoft word due to improper processing of malformed Microsoft Office Word documents. When processed, the document could cause the application to improperly handle memory pointers, corrupting memory.

8. Microsoft Office Word Heap Overflow Arbitrary Code Execution Vulnerability ( CVE-2010-3218   )

A Remote code execution vulnerability exists in the Microsoft word due to improper boundary restrictions that are in place when processing records within Microsoft Office Word documents. The processing of records containing overly large data could trigger a heap overflow, corrupting memory.

9. Microsoft Office Word Document Index Parsing Arbitrary Code Execution Vulnerability ( CVE-2010-3219   )

A Remote code execution vulnerability exists in the Microsoft word due to errors in processing malformed index values within Word files. when processed, could corrupt memory.

10. Microsoft Office Word Document Parsing Arbitrary Code Execution Vulnerability ( CVE-2010-3220   )

A Remote code execution vulnerability exists in the Microsoft word due to an unspecified error that may occur when parsed by the application, the file could trigger memory corruption.

11. Microsoft Office Word Record Processing Arbitrary Code Execution Vulnerability ( CVE-2010-3221   )

A Remote code execution vulnerability exists in the Microsoft word due to the improper processing of malformed records When processed, the records could trigger memory corruption.

Impact: A remote attacker could exploit this vulnerability by convincing a user to view a malicious Word file. Successfully exploitation of these vulnerabilities, an attacker could execute arbitrary code with the privileges of the user.

Solution

Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS10-079

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx

References

Secunia
http://secunia.com/advisories/41785

SecurityTracker
http://securitytracker.com/alerts/2010/Oct/1024551.html

VUPEN
http://www.vupen.com/english/advisories/2010/2626

CVE Name
CVE-2010-2747
CVE-2010-2748
CVE-2010-2750
CVE-2010-3214
CVE-2010-3215
CVE-2010-3216
CVE-2010-3217
CVE-2010-3221

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India