• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Word Unspecified Document File Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

Microsoft Word is a formatted text editor that can be used to edit a variety of document types. It is typically bundled with Microsoft Office suite and is commercially available for the Microsoft Windows and Mac OS platforms.

Microsoft Word is affected by a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data. Microsoft has not specified exactly where the error may occur.

This vulnerability presents itself when a .doc file contains specific malformed input. Upon attempting to read the malformed .doc file, the affected application fails to properly validate data within the file. This results in the attacker being able to control the flow of execution.

Attackers may exploit this vulnerability to execute arbitrary code in the context of the victim user attempting to access the malformed Word file.

Internet Explorer is a likely attack vector as Word may be opened to handle the document when the user clicks a link.

Affected Products:

• Microsoft Office 2000
• Microsoft Office 2000 SP3
• Microsoft Office 2003
• Microsoft Office 2003 SP1
• Microsoft Office XP SP2
• Microsoft Word 2000
• Microsoft Word 2000 Chinese Version
• Microsoft Word 2000 Japanese Version
• Microsoft Word 2000 Korean Version
• Microsoft Word 2000 SP2
• Microsoft Word 2000 SP3
• Microsoft Word 2000 SR1
• Microsoft Word 2000 SR1a
• Microsoft Word 2002
• Microsoft Word 2002 SP1
• Microsoft Word 2002 SP2
• Microsoft Word 2002 SP3
• Microsoft Word 2003
• Microsoft Word 2003 Viewer
• Microsoft Works Suite 2001
• Microsoft Works Suite 2002
• Microsoft Works Suite 2003
• Microsoft Works Suite 2004

References:

• Microsoft: Microsoft Security Bulletin MS05-023

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.