Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-056.
Impact
Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory: http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx
Insight
The issues are caused by buffer overflow and memory corruption errors when processing malformed data and records within Word and 'RTF' documents, which could be exploited by attackers to crash an affected application or execute arbitrary code.
Affected
Microsoft Office Word Viewer
Microsoft Office Word 2002 Service Pack 3
Microsoft Office Word 2003 Service Pack 3
Microsoft Office Word 2007 Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
References
Severity
Classification
- CVE: CVE-2010-1900, CVE-2010-1901, CVE-2010-1902, CVE-2010-1903
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
- Cumulative Security Update for Internet Explorer (937143)
- Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
- Active Directory Could Allow Remote Code Execution Vulnerability (957280)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)