Microsoft Office Word Remote Code Execution Vulnerabilities (969514) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-027.

Impact

Successful exploitation could execute arbitrary code on the remote system via a specially crafted Word document. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-027.mspx

Insight

The flaws are due to boundary errors when parsing certain records that can be exploited to cause a buffer overflow.

Affected

Microsoft Word Viewer 2003 Microsoft Office 2K/XP/2003/2007

References

http://secunia.com/advisories/35377
http://support.microsoft.com/kb/969514
http://www.microsoft.com/technet/security/bulletin/ms09-027.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0563, CVE-2009-0565
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
Microsoft .NET Framework Multiple Vulnerabilities (2916607)
Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)

Take action and discover your vulnerabilities