McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business Home McAfee Labs Threat Intelligence

(MS09-068) Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)

Threat Detail

Vulnerability Type: Logic error

Impact of Exploitation: Malicious remote network traffic

CVE Reference: N/A

Next Steps:

Overview

A remote code execution vulnerability exists in Microsoft Office Word.

The vulnerability is in the way that Microsoft Office Word handles a specially crafted Word file with a malformed record. Successful exploitation of the vulnerability could allow an attacker to take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Attack Vector

Malicious remote network traffic

User Interaction

no user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Office for Mac   2004,
Office for Mac   2008,
Office Word Viewer   2003,
Open XML File Format Converter for Mac   1.0,

Timeline

2009-11-10

Vendor has provided a patch.

Recommendations

The Vendor has released patches to address this issue
http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx

Recommendations McAfee Product Mitigation

Additional Resources

(MS09-068) Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)
http://www.microsoft.com/technet/security/bulletin/ms09-068.mspx

United States - English