Title

Multiple Vulnerabilities in Microsoft Office Word (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing multiple vulnerabilities affecting Microsoft Word. To exploit these vulnerabilities, an attacker would create a malicious Word file and entice a user to open the affected file by hosting it on a web site or sending via email. If successfully exploited, these vulnerabilities would allow an attacker to compromise an affected system. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. Word Uninitialized Pointer Vulnerability - (CVE-2010-2747): A remote code execution vulnerability exists in the way that Microsoft Word handles an uninitialized pointer when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Boundary Check Vulnerability - (CVE-2010-2748): A remote code execution vulnerability exists in the way that Microsoft Word handles an improper boundary check when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Index Vulnerability - (CVE-2010-2750): A remote code execution vulnerability exists in the way that Microsoft Word handles index values inside a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Stack Overflow Vulnerability - (CVE-2010-3214): A remote code execution vulnerability exists in the way that Microsoft Word handles stack validation when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Return Value Vulnerability - (CVE-2010-3215): A remote code execution vulnerability exists in the way that Microsoft Word handles return values when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Bookmarks Vulnerability - (CVE-2010-3216): A remote code execution vulnerability exists in the way that Microsoft Word handles bookmarks when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Pointer Vulnerability - (CVE-2010-3217): A remote code execution vulnerability exists in the way that Microsoft Word handles pointers when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Heap Overflow Vulnerability - (CVE-2010-3218): A remote code execution vulnerability exists in the way that Microsoft Word handles malformed records inside a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Index Parsing Vulnerability - (CVE-2010-3219): A remote code execution vulnerability exists in the way that Microsoft Word handles indexes when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Parsing Vulnerability - (CVE-2010-3220): A remote code execution vulnerability exists in the way that Microsoft Word parses a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Word Parsing Vulnerability - (CVE-2010-3221): A remote code execution vulnerability exists in the way that Microsoft Word handles a malformed record when parsing a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-079 (2293194). Vulnerable Applications/Systems: Microsoft Office Suites and Components Microsoft Office XP SP 3 Microsoft Office 2003 SP 3 Microsoft Office 2007 SP 2 Microsoft Office 2010 (32-bit editions)[1] Microsoft Office 2010 (64-bit editions) Other Office Software Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP 2 Microsoft Office Word Viewer Microsoft Server Software Microsoft Office Web Apps[2] Microsoft Word Web Apps[2] [1]For Microsoft Word 2007 SP 2, in addition to security update package KB2344993, customers also need to install the security update for Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP 2 (KB2345043) to be protected from the vulnerabilities described in this bulletin. [2]For Microsoft Office Web Apps, customers need to install both security update KB2346411 and security update KB2345015 to be protected from the vulnerabilities described in this bulletin. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Winword.exe Word 2002 10.0.6866.0 Word 2003 11.0.8328.0 Word 2007 12.0.6545.5000 Word 2010 14.0.5123.5000 Wordview.exe Word Viewer 11.0.8328.0 Wordcnv.exe Office Compatibility Pack 2007 12.0.6545.5000 Wdsrv.dll Word Web App 2010 14.0.5119.5000 Microsoft.office.web.environment.sharepoint.dll Office Web Applications 2010 14.0.5119.5000

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-25510

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.