HTTP: Microsoft Office Word File FIB Processing Memory Corruption
A code execution vulnerability has been reported in Microsoft Office Word. The flaw is due to the way the affected product processes specially crafted Word files. A remote attacker can exploit this vulnerability by enticing a target user to open a Word file with a malicious record. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. The behaviour of the target host is entirely dependent on the intended function of the injected code. An unsuccessful exploit attempt may terminate the affected application abnormally.
Extended Description
Microsoft Word is prone to a remote stack-buffer overflow vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Word ('.doc') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.
Affected Products
Microsoft word_viewer_2003
Short Name
HTTP:STC:DL:DOC-FIB
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-3135 Corruption FIB File Memory Microsoft Office Processing Word bid:36950
Release Date
10/14/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3