• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability

Severity: HIGH

Description:

Microsoft Word is a wordprocesor.

Word is prone to an integer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when calculating the space required for the number of points contained in a polyline or polygon.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file..

Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

Affected Products:

• Microsoft Office 2000
• Microsoft Office 2000 SP1
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP3
• Microsoft Office 2003
• Microsoft Office 2003 SP1
• Microsoft Office 2003 SP2
• Microsoft Office 2003 SP3
• Microsoft Office 2004 for Mac
• Microsoft Office 2008 for Mac
• Microsoft Office Compatibility Pack 2007
• Microsoft Office Compatibility Pack 2007 SP1
• Microsoft Office Word 2003 Viewer SP3
• Microsoft Office Word Viewer
• Microsoft Office XP SP2
• Microsoft Open XML File Format Converter for Mac
• Microsoft Outlook 2007
• Microsoft Outlook 2007 SP1
• Microsoft Word 2000
• Microsoft Word 2000 SP2
• Microsoft Word 2000 SP3
• Microsoft Word 2000 SR1
• Microsoft Word 2002
• Microsoft Word 2002 SP1
• Microsoft Word 2002 SP2
• Microsoft Word 2002 SP3
• Microsoft Word 2003
• Microsoft Word 2003 SP1
• Microsoft Word 2003 SP2
• Microsoft Word 2003 SP3
• Microsoft Word 2007
• Microsoft Word 2007 SP1

References:

• Microsoft: Microsoft Security Bulletin MS08-072
• Microsoft: Microsoft Word Homepage
• Secunia Research: Microsoft Word RTF Polyline/Polygon Integer Overflow

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.