Microsoft Word Document Stack Based Buffer Overflow Vulnerability
ZDI-09-035: June 10th, 2009CVE ID
Affected Vendors
Affected Products
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file.
The specific flaw exists within the parsing of vulnerable tags inside a Microsoft Word document. Microsoft Word trusts a length field read from the file which is used to read file contents into a buffer allocated on the stack. When an invalid length is present, a stack based buffer overflow occurs, resulting in the ability to execute arbitrary code.
Vendor Response
Microsoft has issued an update to correct this vulnerability. More details can be found at:Disclosure Timeline
-
2008-07-08 - Vulnerability reported to vendor
2009-06-10 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
ling & wushi of team509
