Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user.
Microsoft Word contains a vulnerability that may be exploited by opening a maliciously-crafted word document. Successful exploitation would allow arbitrary code execution on the system with the privileges of the current user. If a user has configured applications to automatically open files, and these applications receive document data from remote sources, then this vulnerability may permit a remote attacker a vector by which to compromise the system.
For a current list of systems affected and more details regarding this vulnerability and its resolution, please see Microsoft's Security Bulletin MS05-023. This bulletin discusses both this vulnerability and a separate buffer overflow vulnerability in Microsoft Word.
Exploitation of this vulnerability may result in the execution of code on the system with the privileges of the current user. If a remote attacker can trick a local user into opening un-trustworthy content, then the remote attacker may have code executed with the privileges of the local user.
Please see Microsoft's Security Bulletin MS005-023 for the resolution to this vulnerability.
Do not open any content that you do not trust, or have not validated, especially content originating from remote sources such as email or web sites. Doing so may put the security and integrity of your system at risk.
Vendor| Status| Date Notified| Date Updated
Microsoft Corporation| | -| 12 Apr 2005
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Microsoft for reporting this vulnerability.
This document was written by Jason A Rafail.