Info

Disclosure

Sep 03, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 10, 2006

Description

Microsoft Word 2000 contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a unspecified malformed string in a Word document causes system memory corruption. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Attack Type Unknown
Impact: Loss of Integrity
Solution: Patch / RCS
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Word	2000
Microsoft Corporation	Word Viewer	2003

References

Security Tracker: 1016787 1017032
Bugtraq ID: 19835
CVE ID: 2006-4534 (see also: NVD)
Secunia Advisory ID: 21735
SCIP VulDB ID: 2508
ISS X-Force ID: 28775
CERT VU: 806548
Microsoft Knowledge Base Article: 924554 Q925059
VUPEN Advisory: ADV-2006-3448
Generic Informational URL: http://blogs.securiteam.com/?p=586
http://isc.sans.org/diary.php?storyid=1669&rss
http://vil.mcafeesecurity.com/vil/content/v_119055.htm
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-090219-2855-99
News Article: http://news.com.com/Word+flaw+hit+with+zero-day+attack/2100-7349_3-6112265.html
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/445381/100/0/threaded
Other Advisory URL: http://www.symantec.com/enterprise/security_response/weblog/2006/09/new_tricks_with_old_software.html
Microsoft Security Bulletin: MS06-060

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/28539

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Word

Word Viewer

References

Credit