Microsoft Word Could Allow Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with Microsoft Office (with MS Word), which is prone to remote code execution vulnerability.

Impact

Remote attacker could exploit by persuading victim to open a crafted documents to corrupt memory and cause the application to crash, and also allow to execute arbitrary code with the system privileges of the victim. Impact Level : System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-042.mspx

Insight

Flaw is due to an error within the handling of malformed/crafted MS Word documents.

Affected

Microsoft Word 2002 (XP) with SP3 on Windows (All). Microsoft Word 2003 with SP3 on Windows (All).

References

http://secunia.com/advisories/30975
http://www.frsirt.com/english/advisories/2008/2028
http://www.microsoft.com/technet/security/advisory/953635.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-042.mspx
http://xforce.iss.net/xforce/xfdb/43663

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2244
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Symantec Anti Virus Corporate Edition Check
Microsoft Windows Service Pack Missing Multiple Vulnerabilities
Microsoft's SQL Hello Overflow
Microsoft Remote Desktop Protocol Security Advisory (2861855)
Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)

Take action and discover your vulnerabilities