Microsoft Word 2000 Unspecified Code Execution

2006-09-03T03:48:58
ID OSVDB:28539
Type osvdb
Reporter OSVDB
Modified 2006-09-03T03:48:58

Description

Vulnerability Description

Microsoft Word 2000 contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a unspecified malformed string in a Word document causes system memory corruption. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft Word 2000 contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a unspecified malformed string in a Word document causes system memory corruption. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1016787 Security Tracker: 1017032 Secunia Advisory ID:21735 Other Advisory URL: http://www.symantec.com/enterprise/security_response/weblog/2006/09/new_tricks_with_old_software.html News Article: http://news.com.com/Word+flaw+hit+with+zero-day+attack/2100-7349_3-6112265.html Microsoft Security Bulletin: MS06-060 Microsoft Knowledge Base Article: Q925059 Microsoft Knowledge Base Article: 924554 Mail List Post: http://www.securityfocus.com/archive/1/archive/1/445381/100/0/threaded Keyword: Trojan.MDropper.Q,Backdoor.Femo ISS X-Force ID: 28775 Generic Informational URL: http://blogs.securiteam.com/?p=586 Generic Informational URL: http://isc.sans.org/diary.php?storyid=1669&rss Generic Informational URL: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-090219-2855-99 Generic Informational URL: http://vil.mcafeesecurity.com/vil/content/v_119055.htm FrSIRT Advisory: ADV-2006-3448 CVE-2006-4534 CERT VU: 806548 Bugtraq ID: 19835