HTTP: Microsoft Word Documents Memory Corruption
This signature detects attempts to exploit a known vulnerability agains Microsoft Word file format document parser. A successful attack can lead to arbitrary remote code execution within the context of the user.
Extended Description
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user. Note that this issue is distinct from issues described in BID 21451 (Microsoft Word Malformed String Arbitrary Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).
Affected Products
Microsoft office_xp
Short Name
HTTP:STC:DL:WORD-MEM-CORR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-3649 CVE-2006-6561 Corruption Documents Memory Microsoft Word bid:19414 bid:21589
Release Date
10/04/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3
5.1