• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Word Code Execution Vulnerability

Severity: HIGH

Description:

Microsoft Word is prone to a remote code-execution vulnerability that arises because of a memory-corruption vulnerability.

This issue is believed to arise because of the use of user-supplied data contained in Word files during the construction of the destination address of a memory copy operation. Specifically, when a file with an unchecked count is processed, arbitrary memory locations may be overwritten with attacker-supplied data, potentially facilitating the execution of machine code.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

Note that this issue is distinct from issues described in BID 21451 (Microsoft Word Malformed String Arbitrary Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).

Affected Products:

• Microsoft Office 2000
• Microsoft Office 2000 Chinese Version 0.0.0
• Microsoft Office 2000 Japanese Version 0.0.0
• Microsoft Office 2000 Korean Version 0.0.0
• Microsoft Office 2000 SP1
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP3
• Microsoft Office 2002
• Microsoft Office 2003
• Microsoft Office 2003 SP1
• Microsoft Office 2003 SP2
• Microsoft Office 2003 SP3
• Microsoft Office 2004 for Mac
• Microsoft Office Word 2003 Viewer
• Microsoft Office XP
• Microsoft Office XP Developer Edition 0.0.0
• Microsoft Office XP SP1
• Microsoft Office XP SP2
• Microsoft Office XP SP3
• Microsoft Word 2000
• Microsoft Word 2000 Chinese Version
• Microsoft Word 2000 Japanese Version
• Microsoft Word 2000 Korean Version
• Microsoft Word 2000 SP2
• Microsoft Word 2000 SP3
• Microsoft Word 2000 SR1
• Microsoft Word 2000 SR1a
• Microsoft Word 2002
• Microsoft Word 2002 SP1
• Microsoft Word 2002 SP2
• Microsoft Word 2002 SP3
• Microsoft Word 2003
• Microsoft Word 2003 Viewer
• Microsoft Word 2004 for Mac
• Microsoft Word X for Mac 0.0.0
• Microsoft Works Suite 2004 0.0.0
• Microsoft Works Suite 2005
• Microsoft Works Suite 2006

References:

• Microsoft: MS07-014 - Vulnerabilites in Microsoft Word Could Allow Remote Code Execution
• Microsoft: Microsoft Homepage
• Microsoft: Microsoft Word Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.