Microsoft Word Bulleted List Handling Memory Corruption Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	06/18/2008
Severity:	High
Applications Affected:	Microsoft Word 2000 Microsoft Word 2003 Microsoft Word 2000 Service Pack 2 Microsoft Word 2000 Service Pack 3 Microsoft Word 2000 Service Release 1 Microsoft Word 2000 Sr1a Microsoft Word 2003 Service Pack 2 Microsoft Word 2003 Service Pack 1 Microsoft Word 2003 Service Pack 3
Type	Remote
Identifiers	CVE-2008-2752 BID-29769
Vendor	Microsoft, Inc.

Synopsis

A remote memory-corruption vulnerability exists in the way that Word handles specially crafted .doc files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed bulleted list.

Threat Analysis

The vulnerability is caused by a memory calculation error when parsing a specially crafted Word file. Microsoft Word does not handle unordered lists properly. The error may corrupt system memory in such a way that an attacker could execute arbitrary code.

This vulnerability requires that a user open a specially crafted Word file with an affected version of Microsoft Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, delete data, or create new accounts with full user rights.

References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2752
http://www.securityfocus.com/bid/29769

Write-up by: Rajesh Rawal

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |