Microsoft Word Document Stack Based Buffer Overflow VulnerabilityZDI-09-035: June 10th, 2009
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file.
The specific flaw exists within the parsing of vulnerable tags inside a Microsoft Word document. Microsoft Word trusts a length field read from the file which is used to read file contents into a buffer allocated on the stack. When an invalid length is present, a stack based buffer overflow occurs, resulting in the ability to execute arbitrary code.
Vendor ResponseMicrosoft has issued an update to correct this vulnerability. More details can be found at:
2008-07-08 - Vulnerability reported to vendor
2009-06-10 - Coordinated public release of advisory
CreditThis vulnerability was discovered by:
ling & wushi of team509